FAQ - Data about children with cancer in the cloud

As part of scientific research, researchers from different institutes work closely together. They do this to bring together knowledge and skills, and carry out their research faster and better. With that aim, the Princess Máxima Center already shares data from children with researchers outside the Máxima Center. This is done on the basis of strict agreements about the security and use of that data with partners.

Now, the Máxima Center will also make data from children with cancer more widely available via the cloud to researchers working on childhood cancer, in the Netherlands and abroad. This will enable even more, faster and better research. And the knowledge hidden in all that data can lead to new insights to improve the treatment of childhood cancer in the future.

Researchers in Máxima Center collect two types of data. Both of these types of data from children with cancer are stored in the cloud.

The first type concerns data on the diagnosis and treatment of children with cancer. For example, the type of tumor, the child's gender and age when the cancer was diagnosed, and their treatment protocol.

In addition, researchers use material from children with cancer in the Biobank – such as tumor tissue or blood – to make measurements in the lab. They only do this with the permission of parents and child. For example, they map changes in the DNA of the tumor and look at their effect on gene activity in the cancer cells.

The research data may only be used in the cloud when they are encrypted. This stops data collected for research from being traced back to individual children. According to the law, it is possible to trace the use of DNA data back to individuals. In practice, however, this is very difficult and unlikely: it requires complicated software, a lot of computing power and a large database with data on many people. The use of DNA data to trace people is also explicitly forbidden by law.

Only verified users – from the Máxima Center itself or from fellow researchers at other trusted institutions – are given access to our cloud environment. All users must complete training before being allowed into the cloud environment. Researchers only get access to the data they need to perform their tasks. They must always log in to the cloud environment with multi-factor authentication.

Some parts of our cloud environment are only accessible from the computer network in the Máxima Center for extra security.

The cloud is a way to make data easily and securely available from anywhere. The data is stored on servers in a data center within the EU. As a user, you can log in from anywhere to access that data.

More and more data is being produced in childhood cancer research. For example, all information about the DNA of one tumor is equal to 300GB of data. Medical images, such as CT or MRI scans, also use a lot of storage space. 

Research not only requires more and more storage space, but also an increasing amount of computing power. Otherwise it might take months to do research that would only take a few days with faster computers. 

The storage space, computing power and the programs to perform all those calculations taken together is called IT infrastructure. The IT infrastructure of the research department at the Máxima Center is no longer powerful enough to process the ever-growing amount of research data.

That is why the Princess Máxima Center uses cloud services from a commercial party. This ensures a faster, more flexible and cheaper way of working with large amounts of data. 

The Máxima Center uses so-called public cloud infrastructure. This type of service is provided, for example, by Google Cloud, Microsoft Azure and Amazon Web Services. These parties provide computing power and data storage from data centers around the world. The Máxima Center has made agreements with Google about the availability of storage and computer power, data security and who has access to the data stored there. The Máxima Center has control over the data, Google Cloud acts only as the so-called processing party. Google Cloud is audited for compliance with the agreements made. These audits are performed by external independent auditors.

No, the use of cloud services in the Máxima Center is only intended for research – particularly for our so-called preclinical research. For example, for research in the lab or with patient data, and not for research where a treatment is tested in children. 

The Máxima Center has agreed that all data that our researchers put on the Google Cloud Platform will only be stored and processed within the EU. Preferably on the Google server located in Groningen. For some applications and services we use data centers in other countries in the EU, for example in Belgium or Finland. 

No. In the contract with Google we agreed that they will not have access to our data and code. Google Cloud compliance and security are monitored by independent third parties. This provides certainty about security and access to the data. 

Google Cloud is one of the most secure providers of cloud services. They secure their data both physically (in the data centers) and digitally. 

All providers of cloud services, including Google Cloud, must comply with European (GDPR) and Dutch (AVG) privacy legislation. When storing data in the Netherlands, Google Cloud must also comply with all Dutch laws and regulations in the field of quality, security and privacy.

Safely handling privacy-sensitive data is an important core value of the Princess Máxima Center. We have applied this to all aspects of the technology we use, including the use of the cloud. In addition, our researchers are also responsible for carefully handling research data. They follow the national Code of Conduct for Health Research.

Only verified users – from the Máxima Center or fellow researchers at other institutions – are given access to our cloud environment. All users must complete training before being allowed into the cloud environment. Researchers only have access to the data they need to perform their tasks. They must always log in to the Google Cloud Platform with multi-factor authentication.

Some parts of our cloud environment are only accessible from the computer network in the Máxima Center for extra security.

The Máxima Center always retains control over the research data and its processing. For example, data stored on the Google Cloud Platform is encrypted when not in use. During calculation tasks, a Google administrator can gain access to the data, but we have expressly prohibited this in the agreements with Google. The Máxima Center carries out an annual security test to ensure that there are no weak spots in the security of our IT infrastructure.