Towards formalizing the GDPR’s notion of singling out

2020 ◽  
Vol 117 (15) ◽  
pp. 8344-8352 ◽  
Author(s):  
Aloni Cohen ◽  
Kobbi Nissim

There is a significant conceptual gap between legal and mathematical thinking around data privacy. The effect is uncertainty as to which technical offerings meet legal standards. This uncertainty is exacerbated by a litany of successful privacy attacks demonstrating that traditional statistical disclosure limitation techniques often fall short of the privacy envisioned by regulators. We define “predicate singling out,” a type of privacy attack intended to capture the concept of singling out appearing in the General Data Protection Regulation (GDPR). An adversary predicate singles out a dataset x using the output of a data-release mechanism M(x) if it finds a predicate p matching exactly one row in x with probability much better than a statistical baseline. A data-release mechanism that precludes such attacks is “secure against predicate singling out” (PSO secure). We argue that PSO security is a mathematical concept with legal consequences. Any data-release mechanism that purports to “render anonymous” personal data under the GDPR must prevent singling out and, hence, must be PSO secure. We analyze the properties of PSO security, showing that it fails to compose. Namely, a combination of more than logarithmically many exact counts, each individually PSO secure, facilitates predicate singling out. Finally, we ask whether differential privacy and k-anonymity are PSO secure. Leveraging a connection to statistical generalization, we show that differential privacy implies PSO security. However, and in contrast with current legal guidance, k-anonymity does not: There exists a simple predicate singling out attack under mild assumptions on the k-anonymizer and the data distribution.

2021 ◽  
Vol 11 (22) ◽  
pp. 10574 ◽  
Author(s):  
Sung-Soo Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom

With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the general data protection regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable its utilization as a GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hyperledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results with comparisons among the related works indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing requests than extant methods.


2019 ◽  
Vol 6 (1) ◽  
pp. 205395171984878
Author(s):  
Luke Munn ◽  
Tsvetelina Hristova ◽  
Liam Magee

Personal data is highly vulnerable to security exploits, spurring moves to lock it down through encryption, to cryptographically ‘cloud’ it. But personal data is also highly valuable to corporations and states, triggering moves to unlock its insights by relocating it in the cloud. We characterise this twinned condition as ‘clouded data’. Clouded data constructs a political and technological notion of privacy that operates through the intersection of corporate power, computational resources and the ability to obfuscate, gain insights from and valorise a dependency between public and private. First, we survey prominent clouded data approaches (blockchain, multiparty computation, differential privacy, and homomorphic encryption), suggesting their particular affordances produce distinctive versions of privacy. Next, we perform two notional code-based experiments using synthetic datasets. In the field of health, we submit a patient’s blood pressure to a notional cloud-based diagnostics service; in education, we construct a student survey that enables aggregate reporting without individual identification. We argue that these technical affordances legitimate new political claims to capture and commodify personal data. The final section broadens the discussion to consider the political force of clouded data and its reconstitution of traditional notions such as the public and the private.


2018 ◽  
Vol 0 (6/2017) ◽  
pp. 9-13
Author(s):  
Olga Dzięgielewska

Data privacy is currently a widely commented topic among all the organizations which process personal data, due to the introduction of the European Union’s General Data Protection Regulation. Existing methods of data protection are believed to be sufficient as they meet the risk-based approach requirements in every mature organization, yet the number of publicly known data breaches confirms that this assumption is false. The aftermath of such incidents in countless cases proves that the risk-based approach failed, as the reputational and financial consequences by far exceed the original estimations. This paper stresses the importance of data layer protection from the planning, through design, until maintenance stages in the database lifecycle, as numerous attack vectors originating from the insider threat and targeting the data layer still sneak through unnoticed during the risk analysis phase.


Author(s):  
Amy O'Hara ◽  
Quentin Brummet

An expanding body of data privacy research reveals that computational advances and ever-growing amounts of publicly retrievable data increase re-identification risks. Because of this, data publishers are realizing that traditional statistical disclosure limitation methods may not protect privacy. This paper discusses the use of differential privacy at the US Census Bureau to protect the published results of the 2020 census. We first discuss the legal framework under which the Census Bureau intends to use differential privacy. The Census Act in the US states that the agency must keep information confidential, avoiding “any publication whereby the data furnished by any particular establishment or individual under this title can be identified.” The fact that Census may release fewer statistics in 2020 than in 2010 is leading scholars to parse the meaning of identification and reevaluate the agency’s responsibility to balance data utility with privacy protection. We then describe technical aspects of the application of differential privacy in the U.S. Census. This data collection is enormously complex and serves a wide variety of users and uses: 7.8 billion statistics were released using the 2010 US Census. This complexity strains the application of differential privacy to ensure appropriate geographic relationships, respect legal requirements for certain statistics to be free of noise infusion, and provide information for detailed demographic groups. We end by discussing the prospects of applying formal mathematical privacy to other information products at the Census Bureau. At present, techniques exist for applying differential privacy to descriptive statistics, histograms, and counts, but are less developed for more complex data releases including panel data, linked data, and vast person-level datasets. We expect the continued development of formally private methods to occur alongside discussions of what privacy means and the policy issues involved in trading off protection for accuracy.


2021 ◽  
Vol 60 (1) ◽  
pp. 53-98
Author(s):  
Michael S. Aktipis ◽  
Ron B. Katwan

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its ruling in Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems, commonly known as Schrems II, invalidating the EU–U.S. Privacy Shield as a valid transfer mechanism under the EU's General Data Protection Regulation (GDPR) and creating significant legal uncertainty for the continued availability of another widely used transfer mechanism, Standard Contractual Clauses (SCCs), for transfers of EU personal data from commercial entities in the EU to the United States. The widely anticipated ruling marked the second time in five years that the CJEU had invalidated the legal foundation for such data transfers, which in both cases had been the result of a carefully negotiated compromise balancing European data privacy concerns with statutory and constitutional limitations of the U.S. system (see Schrems I).


2019 ◽  
Author(s):  
David Hawig ◽  
Chao Zhou ◽  
Sebastian Fuhrhop ◽  
Andre S Fialho ◽  
Navin Ramachandran

BACKGROUND Distributed ledger technology (DLT) holds great potential to improve health information exchange. However, the immutable and transparent character of this technology may conflict with data privacy regulations and data processing best practices. OBJECTIVE The aim of this paper is to develop a proof-of-concept system for immutable, interoperable, and General Data Protection Regulation (GDPR)–compliant exchange of blood glucose data. METHODS Given that there is no ideal design for a DLT-based patient-provider data exchange solution, we proposed two different variations for our proof-of-concept system. One design was based purely on the public IOTA distributed ledger (a directed acyclic graph-based DLT) and the second used the same public IOTA ledger in combination with a private InterPlanetary File System (IPFS) cluster. Both designs were assessed according to (1) data reversal risk, (2) data linkability risks, (3) processing time, (4) file size compatibility, and (5) overall system complexity. RESULTS The public IOTA design slightly increased the risk of personal data linkability, had an overall low processing time (requiring mean 6.1, SD 1.9 seconds to upload one blood glucose data sample into the DLT), and was relatively simple to implement. The combination of the public IOTA with a private IPFS cluster minimized both reversal and linkability risks, allowed for the exchange of large files (3 months of blood glucose data were uploaded into the DLT in mean 38.1, SD 13.4 seconds), but involved a relatively higher setup complexity. CONCLUSIONS For the specific use case of blood glucose explored in this study, both designs presented a suitable performance in enabling the interoperable exchange of data between patients and providers. Additionally, both systems were designed considering the latest guidelines on personal data processing, thereby maximizing the alignment with recent GDPR requirements. For future works, these results suggest that the conflict between DLT and data privacy regulations can be addressed if careful considerations are made regarding the use case and the design of the data exchange system.


2021 ◽  
Author(s):  
Kai Rannenberg ◽  
Sebastian Pape ◽  
Frédéric Tronnier ◽  
Sascha Löbner

The aim of this study was to identify and evaluate different de-identification techniques that may be used in several mobility-related use cases. To do so, four use cases have been defined in accordance with a project partner that focused on the legal aspects of this project, as well as with the VDA/FAT working group. Each use case aims to create different legal and technical issues with regards to the data and information that are to be gathered, used and transferred in the specific scenario. Use cases should therefore differ in the type and frequency of data that is gathered as well as the level of privacy and the speed of computation that is needed for the data. Upon identifying use cases, a systematic literature review has been performed to identify suitable de-identification techniques to provide data privacy. Additionally, external databases have been considered, as data that is expected to be anonymous might be re-identified through the combination of existing data with such external data. For each case, requirements and possible attack scenarios were created to illustrate where exactly privacy-related issues could occur and how exactly such issues could impact data subjects, data processors or data controllers. Suitable de-identification techniques should be able to withstand these attack scenarios. Based on a series of additional criteria, de-identification techniques are then analyzed for each use case. Possible solutions are then discussed individually in chapters 6.1 - 6.2. It is evident that no one-size-fits-all approach to protect privacy in the mobility domain exists. While all techniques that are analyzed in detail in this report, e.g., homomorphic encryption, differential privacy, secure multiparty computation and federated learning, are able to successfully protect user privacy in certain instances, their overall effectiveness differs depending on the specifics of each use case.


Design Issues ◽  
2020 ◽  
Vol 36 (3) ◽  
pp. 82-96
Author(s):  
Arianna Rossi ◽  
Monica Palmirani

Design is a key player in the future of data privacy and data protection. The General Data Protection Regulation (GDPR) established by the European Union aims to rebalance the information asymmetry between the organizations that process personal data and the individuals to which that data refers. Machine-readable, standardized icons that present a “meaningful overview of the intended processing” are suggested by the law as a tool to enhance the transparency of information addressed to data subjects. However, no specific guidelines have been provided, and studies on privacy iconography are very few. This article describes research conducted on the creation and evaluation of icons representing data protection concepts. First, we introduce the methodology used to design the Data Protection Icon Set (DaPIS): participatory design methods combined with legal ontologies and machine-readable representations. Second, we discuss some of the challenges that have been faced in the development and evaluation of DaPIS and similar icon sets. Third, we provide some tentative responses and indicate a way forward for evaluation of the effectiveness of privacy icons and their widespread adoption.


2018 ◽  
Vol 6 (3) ◽  
pp. 1-8
Author(s):  
Lars Magnusson ◽  
Patrik Elm ◽  
Anita Mirijamdotter

Today, still, ICT Governance is being regarded as a departmental concern, not an overall organizational concern. History has shown us that implementation strategies which are based on departments result in fractional implementations, leading to ad hoc solutions with no central control and stagnation for the in-house ICT strategy. Further, this has recently created an opinion trend; many are talking about the ICT department as being redundant, a dying-out breed, which should be replaced by on-demand specialized external services. Clearly, the ever-changing surroundings do force organizations to accelerate the pace of new adaptations within their ICT plans, more vivaciously than most organizations are currently able to. This leads to ICT departments tending to be reactive rather than acting proactively and taking the lead in the increased transformation pace in which organizations find themselves. Simultaneously, the monolithic systems of the 1980s/1990s are often very dominating in an organization, consume too much of the yearly IT budget, and leave healthy system development behind. These systems were designed before data became an organizational all-encompassing resource; the systems were designed more or less in isolation in regards to the surrounding environment. These solutions make data sharing costly and not at all optimal. Additionally, in striving to adapt to the organization’s evolution, the initial architecture has become disrupted and built up in shreds. Adding to this, on May 25, 2018, an upgraded EU Privacy Regulation on General Data Protection Regulation (GDPR) will be activated. This upgraded privacy regulation includes a substantial strengthening of 1994’s data privacy regulation, which will profoundly affect EU organizations. This regulation will, among other things, limit the right to collect and process personal data and will give the data subject all rights to his/her data sets, independent of where this data is/has been collected and by whom. Such regulation forces data collecting and processing organizations to have total control over any personal data collected and processed. This includes detailed understanding of data flows, including who did what and when and under whose authorization, and how data is transported and stored. Concerning data/information flows, maps are a mandatory part of the system documentation. This encompasses all systems, including outsourced ones such as cloud services. Hence, individual departments can no longer claim they “own” data. Further, since the mid-2000s, we have seen a global inter-organizational data integration, independent of organizations, public or private. If this integration ceases to exist, the result will be a threat to the survival of the organization. Additionally, if the organization fails to provide transparent documentation according to the GDPR, substantial economic risk is at stake. So, the discussion about the ICT departments’ demise is inapt. Any organizational change will require costly and time-consuming ICT development efforts to adapt to the legislation of today’s situation. Further, since data nowadays is interconnected and transformed at all levels, interacting at multiple intersections all over the organization, and becoming a unified base of all operative decisions, an ICT governance model for the organization is required.


Author(s):  
Moisés Rockembach ◽  
Armando Malheiro da Silva

From the consolidation of the application of European data protection regulations and the recent adoption of Brazilian data protection regulations, we are faced with a scenario that crosses borders. In a world marked by companies whose business model is the analysis and commercialization of personal data and by governments that use their citizens' data for control and surveillance, it is imperative to discuss the necessary characteristics to foster a society that respects ethical and legal values regarding data privacy and consented uses thereof. The authors address concepts and cases that they consider important for the establishment of reflections on the use of web data. They also take into account ethical issues and regulatory instruments in Europe and Brazil, analyzing the strengths and weaknesses in the implementation of data protection and privacy.
