Optimising cohort data in Europe

been unavailable to physicians in ''normal healthcare'' settings (e.g. lifestyle information posted on patients' blogs and instagram) (Cvrkel, 2018). An issue in passive data collection is that the generation of specific participants' profiles includes a rich array of personal data and information. The obvious challenge is to deal with the potential lack of privacy involved while still using this kind of personal data for beneficial research purposes (e.g. patients can be cared in their own homes rather than in hospital settings) (Martinez-Martin and Kraitmeir, 2018; Nelson and Allen, 2018). Because data collected through passive data collection devices is very sensitive, there is an increased risk of privacy and security breaches (Corwin et al., 2018). For instance, passive data is mostly collected through smartphones that have less computational power than computers. This characteristic makes smartphones particularly vulnerable to encryption breaks (Nelson and Allen, 2018; Cornet and Holden, 2018). Moreover, de-identification systems can be broken by combining multiple data points that in turn, can reveal participants' identity (Maher et al., 2019). The storage of passive data is not straightforward either, with still unresolved questions of data ownership (Janeček, 2018). Passive data collection can potentially reveal incidental information that can violate privacy and autonomy. For instance, passive data collection unavoidably targets not only the participants themselves but also the bystanders and family members who interact with them (Ambrosini et al., 2018). Tracking testing behaviour through social networks is another example where third parties, which did not agree to take part in the study in the first place, are still unavoidably involved (Bhatia-Lin et al., 2019). Such an intrusion into a participants' private environment makes informed consent excessively difficult to obtain (Martinez-Martin and Kreitmair, 2018). For geosptial data collection technologies, a major issue is that participants' geographic history can be collected and registered directly in the geolocating device used (e.g. smartphones, iHealth devices) (Cetl et al., 2019). This means that confidentiality and privacy issues are unavoidable even if participants give consent in the first place (Resnik, 2019). Since the data are registered directly on the device, participants cannot evaluate the full extent of the additional information obtained about them (Ghermandi and Sinclair, 2019). By contrast, researchers benefit from an exceptional rich array of information about participants, including their detailed spatio-temporal histories. This is because geo-locating devices tend to combine geographical data with temporal data. As a result, participants' identity is unavoidably compromised because even the removal of identifiable information is not a sufficient guarantee of confidentiality. Namely, participants are still likely to be identified through their individual footprints and travel paths patterns (Maher et al., 2019). For instance, it is possible to identify a participant (and determine his/her lifestyle) by reversely geocoding the estimated point of residence while at the same time, cross-checking with visits to other places in the area (Halabi et al., 2019). Participants are thus particularly vulnerable to re-identification and confidentiality