Privacy-Preserving Opt-Out from Homomorphically Encrypted Clinical Trials

Stud Health Technol Inform. 2025 Jun 26;328:505-509. doi: 10.3233/SHTI250771.

Abstract

Data protection regulations, such as the GDPR, ensure individuals' rights regarding the processing of their personal data, including the 'right to be forgotten,' which mandates that individuals can opt out and have their personal data deleted from datasets at any stage. Homomorphic encryption enables arithmetic operations on encrypted numerical vectors while keeping the data and intermediate results hidden throughout the analysis process. This paper presents an implementation of the right to be forgotten using homomorphic encryption, designed for a real-world use case involving the collection and storage of clinical data in an international collaboration. We introduce methods for structuring data as collections of encrypted vectors and propose algorithms for privacy-preserving opt-out and verifiable data deletion. These algorithms are implemented and tested in a software prototype, with a performance analysis of their computational efficiency. Our approach provides a framework for patient withdrawal at any stage of a clinical trial, balancing the need for data privacy with the computational constraints of homomorphic encryption by structuring clinical datasets into encrypted vector collections.
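The opt-out idea in the abstract, illustrated with an added example that is not the paper's prototype or code: a toy additively homomorphic scheme (textbook Paillier with constructed small primes, not secure) over per-patient vectors, where a withdrawing patient's encrypted vector is cancelled from an encrypted aggregate without decrypting anything. The vector layout, field names and helper functions are assumptions; the paper's own opt-out and verifiable-deletion algorithms are not reproduced here.

```python
from math import gcd
import random
# Constructed toy key (assumption): textbook Paillier with tiny primes so the
# arithmetic is visible; a real deployment needs ~2048-bit primes.
P, Q = 10007, 10009
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)
G = N + 1                                   # standard choice g = n + 1
MU = pow((pow(G, LAM, N2) - 1) // N, -1, N)  # private decryption constant

def encrypt(m):
    """E(m) = g^m * r^n mod n^2; randomised, so equal values look different."""
    r = random.randrange(1, N)
    while gcd(r, N) != 1:
        r = random.randrange(1, N)
    return (pow(G, m % N, N2) * pow(r, N, N2)) % N2

def decrypt(c):
    m = (((pow(c, LAM, N2) - 1) // N) * MU) % N
    return m - N if m > N // 2 else m       # map back to a signed value
def add(c1, c2):
    return (c1 * c2) % N2                   # E(a) * E(b) = E(a + b)
def neg(c):
    return pow(c, -1, N2)                   # E(a)^-1 = E(-a)

def enc_vec(v): return [encrypt(x) for x in v]
def dec_vec(v): return [decrypt(x) for x in v]
def add_vec(a, b): return [add(x, y) for x, y in zip(a, b)]
def sub_vec(a, b): return [add(x, neg(y)) for x, y in zip(a, b)]

def aggregate(collection):
    """Element-wise encrypted sum over a collection of encrypted patient vectors."""
    width = len(next(iter(collection.values())))
    total = enc_vec([0] * width)
    for vec in collection.values():
        total = add_vec(total, vec)
    return total

def opt_out(collection, agg, patient_id):
    """Withdraw one patient: remove their record and cancel its contribution
    to the aggregate homomorphically; no plaintext is revealed to the analyst."""
    removed = collection.pop(patient_id)
    return sub_vec(agg, removed)

def demo():
    # Constructed sample records: per-patient [age, systolic_bp, dose_mg].
    plain = {"p1": [45, 130, 20], "p2": [62, 145, 40], "p3": [38, 120, 10]}
    enc = {pid: enc_vec(v) for pid, v in plain.items()}
    agg = opt_out(enc, aggregate(enc), "p2")
    return dec_vec(agg), sorted(enc)        # ([83, 250, 30], ['p1', 'p3'])
```

Only the key holder can decrypt the adjusted aggregate; the party running `opt_out` learns nothing about the withdrawn values.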

Keywords: Clinical Data; Data Privacy; Homomorphic Encryption; Opt-Out; Privacy-Preserving Data Analysis.

MeSH terms

  • Algorithms
  • Clinical Trials as Topic*
  • Computer Security*
  • Confidentiality*
  • Electronic Health Records*
  • Humans