Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Privacy & innovation digital enterprise

430 views

Published on

Privacy & innovation digital enterprise

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Privacy & innovation digital enterprise

  1. 1. Privacy  &  Innovation Sabrina  Kirrane,  Wirtschaftsuniversität Wien  
  2. 2. 2013 2014 2015 2016 2017 2018 Draft  of  the  regulation 7/22/2012 Revisions  in  the  draft 3/12/2013 Discussions  in  the  EU  Council 5/19/2014 EU  Council  finalises  the  chapters 8/6/2015 Trilogue  starts 6/24/2015 Trilogue  agrees 12/17/2015 Comes  into  force 5/15/2018 The  General  Data  Protection  Regulation
  3. 3. 2013 2014 2015 2016 2017 2018 Draft  of  the  regulation 7/22/2012 Revisions  in  the  draft 3/12/2013 Discussions  in  the  EU  Council 5/19/2014 EU  Council  finalises  the  chapters 8/6/2015 Trilogue  starts 6/24/2015 Trilogue  agrees 12/17/2015 Comes  into  force 5/15/2018 The  General  Data  Protection  Regulation
  4. 4. Slide 4 Taken  from  CNIL's  twitter  account Impact  for  data  subjects?
  5. 5. https://solutionsreview.com/data-­‐integration/the-­‐emergence-­‐of-­‐data-­‐lake-­‐pros-­‐and-­‐cons/ http://themerkle.com/slur-­‐io/http://www.miamidatavault.com/ Data Vault Data Market Data Lake Impact  on  data  driven  operations  &  Innovation?
  6. 6. Innovation  via  Anonymisation! Which  K should   we  use  for   K-­‐Anonymity? The  GDPR  does  not  apply  to  anonymous   data  where  the    data  subject  is  no  longer   identifiable.
  7. 7. K-­‐anonymity § A  record  cannot  be   distinguished  from  at   least  K-­‐1  others • Approach § Suppression  certain   values  of  the  attributes   are  replaced  by  an   asterisk § Generalization   individual  values  of   attributes  are  replaced   by  with  a  broader   category Samarati,  Pierangela,  and  Latanya Sweeney. Protecting  privacy  when  disclosing  information:  k-­‐anonymity  and  its  enforcement  through  generalization  and   suppression.  Technical  report,  SRI  International,  1998. Zipcode Age Disease 476** 2* Heart Disease 476** 2* Heart Disease 476** 2* Heart Disease 4790* ≥40 Flu 4790* ≥40 Heart Disease 4790* ≥40 Cancer 476** 3* Heart Disease 476** 3* Cancer 476** 3* Cancer A 3-anonymous patient table
  8. 8. Is  K-­‐Anonymity  enough? Zipcode Age Disease 476** 2* Heart Disease 476** 2* Heart Disease 476** 2* Heart Disease 4790* ≥40 Flu 4790* ≥40 Heart Disease 4790* ≥40 Cancer 476** 3* Heart Disease 476** 3* Cancer 476** 3* Cancer A 3-anonymous patient table Bob Zipcode Age 47678 27 Carl Zipcode Age 47673 36 Homogeneity Attack Background Knowledge Attack Machanavajjhala,  Ashwin,  et  al.  "l-­‐diversity:  Privacy  beyond  k-­‐anonymity." ACM  Transactions  on  Knowledge  Discovery  from  Data  (TKDD) 1.1  (2007):  3. K-anonymity has deficiencies when sensitive values in an equivalence class lack diversity or the attacker has background knowledge
  9. 9. Is  K-­‐Anonymity  &  L-­‐Diversity  enough? Bob Zip Age 47678 27 Zipcode Age Salary Disease 476** 2* 20K Gastric Ulcer 476** 2* 30K Gastritis 476** 2* 40K Stomach Cancer 4790* ≥40 50K Gastritis 4790* ≥40 100K Flu 4790* ≥40 70K Bronchitis 476** 3* 60K Bronchitis 476** 3* 80K Pneumonia 476** 3* 90K Stomach Cancer A 3-diverse patient table Conclusion o Bob’s salary is between [20k,40k]. o Bob has some stomach-related disease. L-diversity does not consider the semantic meanings of the sensitive values Similarity Attack Machanavajjhala,  Ashwin,  et  al.  "l-­‐diversity:  Privacy  beyond  k-­‐anonymity." ACM  Transactions  on  Knowledge  Discovery  from  Data  (TKDD) 1.1  (2007):  3. § Each  equivalence  class  has   at  least  L well-­‐represented   sensitive  values  
  10. 10. Is  K-­‐Anonymity,  L-­‐Diversity  &  T-­‐Closeness  enough? • Distribution  of  sensitive   attributes  within  each  quasi   identifier  group  should  be   “close”  to  their  distribution  in   the  entire  original  database Age Zipcode …… Gender Disease 2* 476** …… Male Flu 2* 476** …… Male Heart Disease 2* 476** …… Male Cancer . . . . . . …… …… …… . . . . . . ≥50 4766* …… * Gastritis A released table Age Zipcode …… Gender Disease * * …… * Flu * * …… * Heart Disease * * …… * Cancer . . . . . . …… …… …… . . . . . . * * …… * Gastritis A completely generalised table Li,  Ninghui,  Tiancheng Li,  and  Suresh  Venkatasubramanian.  "t-­‐closeness:  Privacy  beyond  k-­‐anonymity  and  l-­‐diversity." Data  Engineering,  2007.  ICDE   2007.  IEEE  23rd  International  Conference  on.  IEEE,  2007. There are other anonymisation approaches however it is getting harder and harder to guarantee anonymity! Bob Zip Age 47678 27 Conclusion o Bob could have Flu, Heart Disease or Cancer! Background Knowledge Attack
  11. 11. Is  K-­‐Anonymity,  L-­‐Diversity  &  T-­‐Closeness  enough? • A  layered  approach  to   anonymisationmay  be   needed • Even  then  K,  L &  T are   highly  dependent  on  the   data • Also,  there  is  a  tradeoff   between  anonymisation and  utility Which  K should   we  use  for   K-­‐Anonymity? Considering that it is getting harder and harder to guarantee anonymity, what is the alternative?
  12. 12. Innovation  via  consent &  transparency?
  13. 13. Innovation  via  consent &  transparency? What  level  of   consent  is   specific  enough? Can  we  adopt  a   soft  opt-­‐out   approach? Affirmative  action,  freely  given,  specific,   informed  and  unambiguous  indication
  14. 14. Innovation  via  consent &  transparency? Can  we  adopt  a   soft  opt-­‐out   approach?• Condition  of  use § Consent  will  not  be  valid  if  the  individual  has  no   choice  but  to  give  their  consent • Opt-­‐In § Research  shows  that  users  spend  almost  no  time   browsing  the  text  of  the  agreement  before   clicking  the  box § It  is  far  from  clear  that  the  opt-­‐in  model  achieves   the  goal  of  informed § Opt-­‐Out § Facilitates  innovation  while  still  safeguarding   autonomy § Suitably  prominent  opt-­‐out  box  might  help  to   establish  that  clicking  the  button  was  a  positive   indication  of  consent Vayena,  Effy,  Anna  Mastroianni,  and  Jeffrey  Kahn.  "Caught  in  the  web:  informed  consent  for  online  health  research."Sci Transl Med 5.173   (2013).
  15. 15. Innovation  via  consent &  transparency? What  level  of   consent  is   specific  enough? § We  need  a  non-­‐intrusive means  to   obtain  consent  for  new  usages § When  it  comes  to  data  driven  services   we  may  not  know  the  type  of  consent   we  need  a  priori • At  this  stage  it  is  difficult  to  say  what   constitutes  specific  enough
  16. 16. Innovation  via  consent  &  transparency? Do  we  have  to   delete  data  from   logs  &  backups? -­‐Personal  data  that  is  corrected,  used,   consulted  or  otherwise  processed -­‐time  limits  should  be  established -­‐rectification  or  deletion
  17. 17. Innovation  via  consent  &  transparency? Do  we  need    to   delete  data  from   logs  &  backups? • Time  limits  will  involve  a  major   cultural  change • In  the  case  of  rectification  it  may   suffice  to  update  data  in  the  line  of   business  application(s)   and  enter  a   new  record  in  the  log  indicating  that   the  data  was  updated  at  the  request   of  the  data  subject • It  might  be  possible  to  use   cryptographic   delete In the Era of Big Data how can we support consent and transparency at scale?
  18. 18. Payload'Data Permissions Semantification Policy'ingestion Compression'&'Encryption Persisting'policies'with''data: “Sticky”'Policies Policy>aware'Querrying: Data'Subsets/Filtering' Policies HDT SPECIAL APIs User'Control Dashboards Scalable  Policy-­‐awarE Linked  Data  arChitecture for  prIvacy,  trAnsparencyand  compLiance
  19. 19. Technical/Scientific  contact   Sabrina  Kirrane Vienna  University  of  Economics   and  Business sabrina.kirrane@wu.ac.at Adminsitrative contact   Philippe  Rohou ERCIM  W3C philippe.rohou@ercim.eu Scalable  Policy-­‐awarE Linked  Data  arChitecture for  prIvacy,  trAnsparencyand  compLiance

×