Requirements for a data exchange platform

DATE: 13-11-2024 STATUS: FOR REVIEW

 

Data type agnostic

The platform is suitable for all types of datasets, such as table data (CSV), genome data and medical images.

Interoperability

The platform offers standardized APIs that enable:

• Data can be placed on the Data Exchange Platform by authorized persons with various upload tools (e.g. Filezilla, rclone, https, secure ftp, rsync, rest APIs, etc.).

• Authorized data users can import data to a secure processing environment

• Datasets (including relevant metadata) can be temporarily stored for the purpose of data exchange between different parties and systems

Storage capacity

The environment must be suitable for large amounts of data (from 10 TB).

Security requirements

Demonstrably high level of confidentiality through excellent data governance, logging and security:

• The data exchange platform is suitable for storing and sharing highly confidential data

• Access control and authorization appropriate for highly confidential data, see Requirements for a secure processing environment.

• Data can be issued to the platform via a secure connection.

• Data can be retrieved from the platform via a secure connection.

• The data holder grants access to data (whether or not delegated via the data broker).

• Data can only be deleted and/or downloaded after approval by the data holder (whether or not delegated via data broker).

• Access is only granted per study (research project) to the persons authorized for the study.

• Access is only granted per research project for the agreed duration of the research upon application and authorizations must be withdrawn after the expiry of the time limit based on this.

• The data exchange platform uses the Identification and authentication service to identify and authenticate data users.