DataSHIELD: mitigating disclosure risk in a multi-site federated analysis platform

Demetris Avraam^{1

2}, Rebecca C Wilson², Noemi Aguirre Chan³, Soumya Banerjee⁴, Tom R P Bishop⁵, Olly Butters², Tim Cadman^{6

7}, Luise Cederkvist¹, Liesbeth Duijts^{8

9}, Xavier Escribà Montagut⁷, Hugh Garner¹⁰, Gonçalo Gonçalves¹¹, Juan R González^{7

12}, Sido Haakma⁶, Mette Hartlev¹³, Jan Hasenauer¹⁴, Manuel Huth¹⁴, Eleanor Hyde⁶, Vincent W V Jaddoe^{15

16}, Yannick Marcon¹⁷, Michaela Th Mayrhofer¹⁸, Fruzsina Molnar-Gabor³, Andrei Scott Morgan^{19

20}, Madeleine Murtagh²¹, Marc Nestor³, Anne-Marie Nybo Andersen¹, Simon Parker^{3

22}, Angela Pinot de Moira^{1

23}, Florian Schwarz²⁴, Katrine Strandberg-Larsen¹, Morris A Swertz⁶, Marieke Welten^{15

16}, Stuart Wheater²⁵, Paul Burton²⁶

Affiliations

¹ Department of Public Health, Section of Epidemiology, University of Copenhagen, Copenhagen, DK-1353, Denmark.
² Department of Public Health, Policy and Systems, University of Liverpool, Liverpool, L69 3GF, United Kingdom.
³ BioQuant, Faculty of Law, Heidelberg University, Heidelberg, 69120, Germany.
⁴ Department of Computer Science and Technology, University of Cambridge, Cambridge, CB3 0FD, United Kingdom.
⁵ MRC Epidemiology Unit, University of Cambridge, Cambridge, CB2 0QQ, United Kingdom.
⁶ Department of Genetics, University of Groningen and University Medical Center Groningen, Groningen, 9713 AV, The Netherlands.
⁷ Barcelona Institute for Global Health (ISGlobal), Barcelona, 08003, Spain.
⁸ Department of Pediatrics, Division of Respiratory Medicine and Allergology, Erasmus MC, University Medical Center Rotterdam, Rotterdam, 3015 GD, The Netherlands.
⁹ Department of Neonatal and Pediatric Intensive Care, Division of Neonatology, Erasmus MC, University Medical Center Rotterdam, Rotterdam, 3015 GD, The Netherlands.
¹⁰ National Innovation Centre for Aging, Newcastle University, Newcastle upon Tyne, NE4 5TG, United Kingdom.
¹¹ Human-Centered Computing and Information Science, INESC TEC, Porto, 4200-465, Portugal.
¹² Centro de Investigación Biomédica en Red en Epidemiología y Salud Pública, Barcelona, 08003, Spain.
¹³ Centre for Legal Studies in Welfare and Market, Faculty of Law, University of Copenhagen, Copenhagen, DK-2300, Denmark.
¹⁴ Life and Medical Sciences (LIMES) Institute and Bonn Center for Mathematical Life Sciences, University of Bonn, Bonn, 53115, Germany.
¹⁵ Generation R Study Group, Erasmus MC, University Medical Center Rotterdam, Rotterdam, 3015 GD, The Netherlands.
¹⁶ Department of Pediatrics, Erasmus MC, University Medical Center Rotterdam, Rotterdam, 3015 GD, The Netherlands.
¹⁷ Epigeny, St. Ouen, France.
¹⁸ Department of ELSI Services and Research, BBMRI-ERIC, Graz, 8010, Austria.
¹⁹ Elizabeth Garrett Anderson Institute for Women's Health London, University College London, London, WC1E 6DE, United Kingdom.
²⁰ Obstetric, Perinatal, Paediatric and Life Course Epidemiology Team (OPPaLE), Center for Research in Epidemiology and StatisticS (CRESS), Institut National pour la Santé et la Recherche Médicale (INSERM, French Institute for Health and Medical Research), Institut National de Recherche pour l'Agriculture, l'Alimentation et l'Environnement (INRAe), Paris Cité University, Paris, 75010, France.
²¹ School of Social and Political Sciences, University of Glasgow, Glasgow, G12 8RT, United Kingdom.
²² German Human Genome-phenome Archive, DKFZ, Heidelberg, D-69120, Germany.
²³ School of Public Health, Imperial College London, London, W12 0BZ, United Kingdom.
²⁴ Department of Molecular Epidemiology, German Institute of Human Nutrition Potsdam-Rehbruecke, Nuthetal, 14558, Germany.
²⁵ Arjuna Technologies, Newcastle upon Tyne, NE4 5TG, United Kingdom.
²⁶ Population Health Sciences Institute, Newcastle University, Newcastle, NE2 4AX, United Kingdom.

PMID: 40191546
PMCID: PMC11968321
DOI: 10.1093/bioadv/vbaf046

DataSHIELD: mitigating disclosure risk in a multi-site federated analysis platform

Demetris Avraam et al. Bioinform Adv. 2025.

. 2025 Mar 10;5(1):vbaf046.

doi: 10.1093/bioadv/vbaf046. eCollection 2025.

Authors

Affiliations

¹ Department of Public Health, Section of Epidemiology, University of Copenhagen, Copenhagen, DK-1353, Denmark.
² Department of Public Health, Policy and Systems, University of Liverpool, Liverpool, L69 3GF, United Kingdom.
³ BioQuant, Faculty of Law, Heidelberg University, Heidelberg, 69120, Germany.
⁴ Department of Computer Science and Technology, University of Cambridge, Cambridge, CB3 0FD, United Kingdom.
⁵ MRC Epidemiology Unit, University of Cambridge, Cambridge, CB2 0QQ, United Kingdom.
⁶ Department of Genetics, University of Groningen and University Medical Center Groningen, Groningen, 9713 AV, The Netherlands.
⁷ Barcelona Institute for Global Health (ISGlobal), Barcelona, 08003, Spain.
⁸ Department of Pediatrics, Division of Respiratory Medicine and Allergology, Erasmus MC, University Medical Center Rotterdam, Rotterdam, 3015 GD, The Netherlands.
⁹ Department of Neonatal and Pediatric Intensive Care, Division of Neonatology, Erasmus MC, University Medical Center Rotterdam, Rotterdam, 3015 GD, The Netherlands.
¹⁰ National Innovation Centre for Aging, Newcastle University, Newcastle upon Tyne, NE4 5TG, United Kingdom.
¹¹ Human-Centered Computing and Information Science, INESC TEC, Porto, 4200-465, Portugal.
¹² Centro de Investigación Biomédica en Red en Epidemiología y Salud Pública, Barcelona, 08003, Spain.
¹³ Centre for Legal Studies in Welfare and Market, Faculty of Law, University of Copenhagen, Copenhagen, DK-2300, Denmark.
¹⁴ Life and Medical Sciences (LIMES) Institute and Bonn Center for Mathematical Life Sciences, University of Bonn, Bonn, 53115, Germany.
¹⁵ Generation R Study Group, Erasmus MC, University Medical Center Rotterdam, Rotterdam, 3015 GD, The Netherlands.
¹⁶ Department of Pediatrics, Erasmus MC, University Medical Center Rotterdam, Rotterdam, 3015 GD, The Netherlands.
¹⁷ Epigeny, St. Ouen, France.
¹⁸ Department of ELSI Services and Research, BBMRI-ERIC, Graz, 8010, Austria.
¹⁹ Elizabeth Garrett Anderson Institute for Women's Health London, University College London, London, WC1E 6DE, United Kingdom.
²⁰ Obstetric, Perinatal, Paediatric and Life Course Epidemiology Team (OPPaLE), Center for Research in Epidemiology and StatisticS (CRESS), Institut National pour la Santé et la Recherche Médicale (INSERM, French Institute for Health and Medical Research), Institut National de Recherche pour l'Agriculture, l'Alimentation et l'Environnement (INRAe), Paris Cité University, Paris, 75010, France.
²¹ School of Social and Political Sciences, University of Glasgow, Glasgow, G12 8RT, United Kingdom.
²² German Human Genome-phenome Archive, DKFZ, Heidelberg, D-69120, Germany.
²³ School of Public Health, Imperial College London, London, W12 0BZ, United Kingdom.
²⁴ Department of Molecular Epidemiology, German Institute of Human Nutrition Potsdam-Rehbruecke, Nuthetal, 14558, Germany.
²⁵ Arjuna Technologies, Newcastle upon Tyne, NE4 5TG, United Kingdom.
²⁶ Population Health Sciences Institute, Newcastle University, Newcastle, NE2 4AX, United Kingdom.

PMID: 40191546
PMCID: PMC11968321
DOI: 10.1093/bioadv/vbaf046

Abstract

Motivation: The validity of epidemiologic findings can be increased using triangulation, i.e. comparison of findings across contexts, and by having sufficiently large amounts of relevant data to analyse. However, access to data is often constrained by practical considerations and by ethico-legal and data governance restrictions. Gaining access to such data can be time-consuming due to the governance requirements associated with data access requests to institutions in different jurisdictions.

Results: DataSHIELD is a software solution that enables remote analysis without the need for data transfer (federated analysis). DataSHIELD is a scientifically mature, open-source data access and analysis platform aligned with the 'Five Safes' framework, the international framework governing safe research access to data. It allows real-time analysis while mitigating disclosure risk through an active multi-layer system of disclosure-preventing mechanisms. This combination of real-time remote statistical analysis, disclosure prevention mechanisms, and federation capabilities makes DataSHIELD a solution for addressing many of the technical and regulatory challenges in performing the large-scale statistical analysis of health and biomedical data. This paper describes the key components that comprise the disclosure protection system of DataSHIELD. These broadly fall into three classes: (i) system protection elements, (ii) analysis protection elements, and (iii) governance protection elements.

Availability and implementation: Information about the DataSHIELD software is available in https://datashield.org/ and https://github.com/datashield.

PubMed Disclaimer

Conflict of interest statement

None declared.

Figures

**Figure 1.**
Schematic diagram showing the key DataSHIELD system protection elements.

**Figure 2.**
Schematic diagram showing the invocation flow where different disclosure checks and controls are applied during a statistical analysis process in DataSHIELD. Note that this Figure shows a simplified diagram of the invocation flow between the client and a single server. In a multi-site setting, the same flow is applied simultaneously in multiple servers.

**Figure 3.**
An illustration of the alignment of DataSHIELD with the Five Safes Framework.

See this image and copyright information in PMC

References

1. Austin C. 2020. The Open Science Ecosystem: A Systematic Framework Anchored in Values, Ethics and FAIRER Data. https://ssrn.com/abstract=3654298 (July 2024, date last accessed).
1. Avraam D, Wilson R, Butters O et al. Privacy preserving data visualizations. EPJ Data Sci 2021;10:1–34. - PMC - PubMed
1. Bamber D, Collins HE, Powell C et al. Development of a data classification system for preterm birth cohort studies: the RECAP Preterm project. BMC Med Res Methodol 2022;22:8. - PMC - PubMed
1. Banerjee S, Bishop T. dsSynthetic: synthetic data generation for the DataSHIELD federated analysis system. BMC Res Notes 2022;15:230. - PMC - PubMed
1. Banerjee S, Sofack GN, Papakonstantinou T et al. dsSurvival: privacy preserving survival models for federated individual patient meta-analysis in DataSHIELD. BMC Res Notes 2022;15:197. - PMC - PubMed

LinkOut - more resources

Full Text Sources
- PubMed Central
- Silverchair Information Systems

Save citation to file

Email citation

Add to Collections

Add to My Bibliography

Your saved search

Create a file for external citation management software

Your RSS Feed

DataSHIELD: mitigating disclosure risk in a multi-site federated analysis platform

Affiliations

DataSHIELD: mitigating disclosure risk in a multi-site federated analysis platform

Authors

Affiliations

Abstract

Conflict of interest statement

Figures

References

LinkOut - more resources

Full Text Sources