Demystifying the likelihood of reidentification in neuroimaging data: A technical and regulatory analysis.

Sharing research data has been widely promoted in the field of neuroimaging and has enhanced the rigor and reproducibility of neuroimaging studies. Yet the emergence of novel software tools and algorithms, such as face recognition, has raised concerns due to their potential to reidentify defaced neuroimaging data that are thought to have been deidentified. Despite the surge of privacy concerns, however, the risk of reidentification via these tools and algorithms has not yet been examined outside the limited settings for demonstration purposes. There is also a pressing need to carefully analyze regulatory implications of this new reidentification attack because concerns about the anonymity of data are the main reason that researchers think they are legally constrained from sharing their data. This study aims to tackle these gaps through rigorous technical and regulatory analyses. Using a simulation analysis, we first tested the generalizability of the matching accuracies in defaced neuroimaging data reported in a recent face recognition study (Schwarz et al., 2021). The results showed that the real-world likelihood of reidentification in defaced neuroimaging data via face recognition would be substantially lower than that reported in the previous studies. Next, by taking a US jurisdiction as a case study, we analyzed whether the novel reidentification threat posed by face recognition would place defaced neuroimaging data out of compliance under the current regulatory regime. Our analysis suggests that defaced neuroimaging data using existing tools would still meet the regulatory requirements for data deidentification. A brief comparison with the EU's General Data Protection Regulation (GDPR) was also provided. Then, we examined the implication of NIH's new Data Management and Sharing Policy on the current practice of neuroimaging data sharing based on the results of our simulation and regulatory analyses. Finally, we discussed future directions of open data sharing in neuroimaging.