Omar Ali Fdal, profile picture
Uploaded byOmar Ali Fdal
PDF, PPTX529 views

Privacy preserving Data Sharing - PyData Berlin 2018

The document discusses privacy-preserving data sharing, covering privacy definitions, historical mechanisms such as pseudonymization, k-anonymity, and differential privacy. It highlights the challenges of protecting individual privacy while balancing societal benefits from data sharing, exemplified by cases like the Cambridge Analytica scandal. The text concludes with the importance of adopting robust privacy mechanisms and acknowledges that maintaining privacy in data release remains an ongoing research challenge.

Embed presentation

Download as PDF, PPTX
Privacy-preserving Data Sharing PyData Berlin 2018 Omar Ali Fdal - omar@statice.io http://statice.io
Plan ● Privacy notion and expectation ● A brief history of privacy-preserving mechanisms ○ Pseudonymization ○ k-Anonymity ○ Differential privacy ○ Data synthesization ● Final notes 2
Privacy Notion and Expectation 3
Privacy English dictionary definition: - A state in which one is not observed or disturbed by other people ● Lack of privacy => behavioral change ● Fundamental to a free society ○ Anonymous voting guarantees freedom of choice https://weburbanist.com/2014/05/15/real-life-panopticons-deserted-dystopian-prisons-in-cuba/ Panopticon 4
Privacy in the present ● Digital tracking everywhere ● Social circle, browsing habits, shopping details, location tracking, emails, calls, ... 5
Privacy: all or nothing? ● Privacy is not necessarily complete non-disclosure ● Sharing sensitive information is common when it makes sense ○ With your doctor, tax accountant, etc. 6
Why share data in the first place? ● Society benefits from individuals sharing their data ○ Medical advances ○ Sociological research, understanding society dynamics ● Examples: ○ Tracking commute patterns to improve public transport networks ○ Detect epidemia and act fast by looking at search engine disease queries/medicine orders 7
Privacy: a challenging constraint ● Non-trivial constraint ○ Protecting privacy of individual people 8
A Brief History of Privacy Preservation Mechanisms 9
Illustration Dataset 10
Personally Identifying Information 11
Illustration: Cambridge Analytica ● Infamous leak involved Personally Identifiable Information of over 50 million people https://www.theguardian.com/technology/2018/mar/17/facebook-cambridge-analytica-kogan-data-algorithm 12
Solution? Remove all “Personally Identifying Information” ● A.k.a ○ Pseudonymization ○ Sanitization ○ De-identification ○ Anonymization 13
Information not unique to you: "quasi-identifiers" 14
Illustration: Massachussets Governor leak Sweeney, Latanya. Weaving Technology and Policy Together to Maintain Confidentiality. Journal of Law, Medicine and Ethics, Vol. 25 1997, p. 98-110 15
Fingerprint-like information ● On its own, a fingerprint seems cryptic ● Around 100 minutiae in a fingerprint ● Experts declare a fingerprint match if 12 minutiae match ● Precise identification is possible if fingerprints are indexed and queryable 16
Illustration: Netflix Movie Preferences Join movie ratings Ratings of only 4-5 movies allowed successful identification of a large number of users was possible 17Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. InSecurity and Privacy, 2008. SP 2008. IEEE Symposium on 2008 May 18 (pp. 111-125). IEEE.
Illustration: Strava Running tracks French Military Base in MaliHeatmap 30 million runners worldwide Not that many in the Sahara 18
And many more ... ● Search queries ● Browser configuration 19
Common issue: Linkage Attack ● With an auxiliary dataset an attacker can “link” the pseudonymous data ● Auxiliary dataset may or may not be obtained legally ● Auxiliary dataset may contain Personally Identifiable Information 20
Take-away: Pseudonymization is not enough ● “We do not share information of data in any personally identifiable form” -- Serial Pseudonymizer ● Still the most used today in data release 21
Solution? K-anonymity: avoiding unique joins ● Avoid a unique join based on the “quasi-identifiers” attributes ● Each combination of quasi-identifiers appears at least in k rows ● Using Suppression - Generalization - Binning - Top-coding 22 Sweeney L. k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems. 2002 Oct;10(05):557-70.
K-anonymity: Example 23 Original dataset 3-anonymous dataset
K-anonymity: Linkage protection 24 Record to be linked 3-anonymous dataset
K-anonymity issues 25 Records to be linked 3-anonymous dataset ● Lack of diversity ● Background knowledge
K-anonymity: superficial linkage avoiding ● A syntactic guarantee ● Makes strong assumptions about attack scenario: ○ no external knowledge ● Curse of dimensionality ○ Hard to achieve in high dimensional spaces 26
Take-away: assume the worst ● Do not assume anything about the attack scenario ○ Resourceful attacker ○ Access to auxiliary information ● Any method trying to preserve privacy needs to take this into account 27
Privacy Promise: Opt-out scenario ● My data must have no effect on any analysis carried on on the dataset ● Problem: if nobody’s data has no effect on any analysis then there will be no utility. 28
Privacy Promise: Inference Protection ● I have a secret, denoted secret(me) ● Given any result of any analysis carried on a dataset, I expect: Pr(secret(me) | result) = Pr(secret(me)) ● Problem: ○ if the secret does not concern only me, i.e. can be generally learned from other people, then the result will affect me even if my data is not part of the dataset 29
Privacy Promise: what can we expect? ● A tradeoff ○ With or without my data, any outcome of any analysis based on a given dataset is almost equally likely ○ The impact on me sharing information in the dataset will be limited to the general learnings not the specifics of my information 30
Privacy Promise: differential privacy 31 Possible world including my data (D') Possible world excluding my data (D) Result R Given a result R, it should not be possible to guess whether my data was included or not in the dataset Dwork C, McSherry F, Nissim K, Smith A. Calibrating noise to sensitivity in private data analysis. InTheory of cryptography conference 2006 Mar 4 (pp. 265-284). Springer, Berlin, Heidelberg.
Differential Privacy implementation: The Laplace Mechanism Where is the global sensitivity of the function It represents the maximum contribution of a single record in the dataset. The ratio of the distributions is bounded by 32
Differential Privacy: advantages ● No assumptions about the attack scenario ● Formal theoretical definition ● Composition theorems to reason about complex computations 33
Differential Privacy: drawbacks ● Reason about multiple queries, setting a privacy budget ○ If a user asks the same query multiple times she might be able to remove the noise and deduce the true answer ● Hard to devise a differentially private mechanism in complex cases ● Limited adoption 34
Differential Privacy: Data Release? ● Release of aggregates (histograms) ○ US Census Bureau case ○ Challenge: maintain consistency across datasets ● What if we want to release data at the same granularity? 35
Data Synthesization: illustration ● US army anthropometric data 36
Data Synthesization: illustration ● US army synthetic anthropometric data based on the learned joint distribution 37
Differentially Private Synthesization ● Estimate the joint distribution in a differentially private way 38
Data Synthesization: Applications ● Test data in development phases ● Limit access to real data and replace it with synthetic data when possible ● Share synthetic data for exploration purposes 39
Final Notes ● Pseudonymization is not anonymization, do not use it ● Legal constraints (e.g. GDPR) are a trigger for organizations to use better privacy-preserving mechanisms ● Privacy-preserving data release is an open research question 40
References ● Sweeney, Latanya. Weaving Technology and Policy Together to Maintain Confidentiality. Journal of Law, Medicine and Ethics, Vol. 25 1997, p. 98-110 ● Sweeney L. k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems. 2002 Oct;10(05):557-70. ● Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. InSecurity and Privacy, 2008. SP 2008. IEEE Symposium on 2008 May 18 (pp. 111-125). IEEE. ● Dwork C, McSherry F, Nissim K, Smith A. Calibrating noise to sensitivity in private data analysis. InTheory of cryptography conference 2006 Mar 4 (pp. 265-284). Springer, Berlin, Heidelberg. ● Nissim K, Steinke T, Wood A, Altman M, Bembenek A, Bun M, Gaboardi M, O’Brien DR, Vadhan S. Differential Privacy: A Primer for a Non-technical Audience. Working Group Privacy Tools Sharing Res. Data, Harvard Univ., Boston, MA, USA, Tech. Rep. TR-2017-03. 2017 May 7. ● Dwork C, Roth A. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science. 2014 Aug 11;9(3–4):211-407. 41

More Related Content

PDF
DATA & PRIVACY PROTECTION Anna Monreale Università di Pisa
byLaboratorio di Cultura Digitale, labcd.humnet.unipi.it
 
PDF
Differential privacy and ml
bySamuel Witherspoon
 
PPTX
Privacy-preserving Data Mining in Industry (WWW 2019 Tutorial)
byKrishnaram Kenthapadi
 
PPTX
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...
byKrishnaram Kenthapadi
 
PPTX
Privacy-preserving Data Mining in Industry (WSDM 2019 Tutorial)
byKrishnaram Kenthapadi
 
PDF
De-anonymizing, Preserving and Democratizing Data Privacy and Ownership
byIIIT Hyderabad
 
PPTX
The Future Of Threat Intelligence Platforms
byDr. Paolo Di Prodi
 
PDF
Differential privacy and applications to location privacy
byPôle Systematic Paris-Region
 
DATA & PRIVACY PROTECTION Anna Monreale Università di Pisa
byLaboratorio di Cultura Digitale, labcd.humnet.unipi.it
 
Differential privacy and ml
bySamuel Witherspoon
 
Privacy-preserving Data Mining in Industry (WWW 2019 Tutorial)
byKrishnaram Kenthapadi
 
Privacy-preserving Data Mining in Industry: Practical Challenges and Lessons ...
byKrishnaram Kenthapadi
 
Privacy-preserving Data Mining in Industry (WSDM 2019 Tutorial)
byKrishnaram Kenthapadi
 
De-anonymizing, Preserving and Democratizing Data Privacy and Ownership
byIIIT Hyderabad
 
The Future Of Threat Intelligence Platforms
byDr. Paolo Di Prodi
 
Differential privacy and applications to location privacy
byPôle Systematic Paris-Region
 

Similar to Privacy preserving Data Sharing - PyData Berlin 2018

PDF
Secure Software Design for Data Privacy
byNarudom Roongsiriwong, CISSP
 
PDF
Differential privacy (개인정보 차등보호)
byYoung-Geun Choi
 
PPT
Introduction to Privacy Settings and Cyber Safety
byAviAuerbachAvila1
 
PPT
Privacy preserving dm_ppt
bySagar Verma
 
PPT
hel29999999999999999999999999999999999999999999.ppt
bygealehegn
 
PDF
Data Science at Intersection of Security and Privacy
byTarun Chopra
 
PPTX
Functional anonymisation - risk management in a data environment
byJisc
 
PDF
78201919
byIJRAT
 
PDF
78201919
byIJRAT
 
PDF
In:Confidence 2019 - Tools for privacy-aware data analysis
byPrivitar
 
PPTX
Privacy preserving in data mining with hybrid approach
byNarendra Dhadhal
 
PDF
Altman - Perfectly Anonymous Data is Perfectly Useless Data
byNational Information Standards Organization (NISO)
 
PDF
Data Anonymization for Privacy Preservation in Big Data
byrahulmonikasharma
 
PDF
HCMUT IMP Computer Science 20 - E-Government from the view of Privacy
byDuc Lai Trung Minh
 
PDF
Implementation_of_laplacian_differential_privacy_with_varying_epsilonv3.pdf
byJibran24
 
DOCX
M privacy for collaborative data publishing
byLeMeniz Infotech
 
PDF
Privacy Preserving Aggregate Statistics for Mobile Crowdsensing
byIJSRED
 
PDF
Problems in Technology to Use Anonymized Personal Data
byHiroshi Nakagawa
 
PDF
Privacy log files
byJonathanOliver26
 
PDF
Preserving Privacy and Utility in Text Data Analysis
byTom Diethe
 
Secure Software Design for Data Privacy
byNarudom Roongsiriwong, CISSP
 
Differential privacy (개인정보 차등보호)
byYoung-Geun Choi
 
Introduction to Privacy Settings and Cyber Safety
byAviAuerbachAvila1
 
Privacy preserving dm_ppt
bySagar Verma
 
hel29999999999999999999999999999999999999999999.ppt
bygealehegn
 
Data Science at Intersection of Security and Privacy
byTarun Chopra
 
Functional anonymisation - risk management in a data environment
byJisc
 
78201919
byIJRAT
 
78201919
byIJRAT
 
In:Confidence 2019 - Tools for privacy-aware data analysis
byPrivitar
 
Privacy preserving in data mining with hybrid approach
byNarendra Dhadhal
 
Altman - Perfectly Anonymous Data is Perfectly Useless Data
byNational Information Standards Organization (NISO)
 
Data Anonymization for Privacy Preservation in Big Data
byrahulmonikasharma
 
HCMUT IMP Computer Science 20 - E-Government from the view of Privacy
byDuc Lai Trung Minh
 
Implementation_of_laplacian_differential_privacy_with_varying_epsilonv3.pdf
byJibran24
 
M privacy for collaborative data publishing
byLeMeniz Infotech
 
Privacy Preserving Aggregate Statistics for Mobile Crowdsensing
byIJSRED
 
Problems in Technology to Use Anonymized Personal Data
byHiroshi Nakagawa
 
Privacy log files
byJonathanOliver26
 
Preserving Privacy and Utility in Text Data Analysis
byTom Diethe
 

Recently uploaded

PPTX
project physics.pptx for class 12th students for therir schhol and enough
bykhantdevanshi12
 
PPTX
Vector Space Modelin Information Storage and Retrieval .pptx
byhermelamisganew
 
PPTX
Big Data Analytics Introduction & Applications.pptx
byprabha345213
 
PDF
Phisher Detection in Ethererum Transaction Networks
byKhushiNaik16
 
PPTX
Statistical Analysis for Researchers - Presentation - Lecture Three.pptx
byAmgad Fahmy
 
PDF
AI 21.pdf Learn How AI Tools Optimize Decision Making, Marketing, HR, and More
byCA Suvidha Chaplot
 
DOCX
AI_ML_Project_Ideas_Chennai_Presentation.docx
bytoptechdevelopers001
 
PPTX
Testing-Results-and-Outcomes (1).pptx dfw
bySrini Vasan
 
PPTX
ict_presentation_final_final_final[1].pptx
bysaadabdulghafoor24
 
PPTX
Ch6 Automata & Complexity Theory 2016.pptx
bytechnologyn387
 
PDF
NY26_Gov.uk_List__Final__18_12_25.pdf New Years Honours 2026
byHenry Tapper
 
PPT
unit-3 Introduction to drawing and instruments part-2.ppt
byalemayehuc1
 
PDF
(25633) PEDAMARAN_TIMUR-PANCAWARNA_TPS 1.pdf
bysoemaryheart
 
PDF
Airport Familiarization.pdffffffffffffffff
byamreentahamaqbool8b
 
PPTX
RAG_classnoteswith having various ways of publishing the model.pptx
byanjaneyav00
 
PPT
unit-3 Introduction to drawing part-1.ppt
byalemayehuc1
 
PPTX
1-FUEL IN A DIESEL ENGINE UNDERSTANDING AND KNOWLEDGE CONCEPTS
byMarkFenwick10
 
PPTX
How to Increase Govt. Local Body Revenue
byNavpal Singh
 
PPTX
Investment and Portfilio. Group no 1.pptx
byAhtshamUlHaq10
 
PDF
CLINICO-SOCIAL CASE DISCUSSION-antenatal
bymlaksh790
 
project physics.pptx for class 12th students for therir schhol and enough
bykhantdevanshi12
 
Vector Space Modelin Information Storage and Retrieval .pptx
byhermelamisganew
 
Big Data Analytics Introduction & Applications.pptx
byprabha345213
 
Phisher Detection in Ethererum Transaction Networks
byKhushiNaik16
 
Statistical Analysis for Researchers - Presentation - Lecture Three.pptx
byAmgad Fahmy
 
AI 21.pdf Learn How AI Tools Optimize Decision Making, Marketing, HR, and More
byCA Suvidha Chaplot
 
AI_ML_Project_Ideas_Chennai_Presentation.docx
bytoptechdevelopers001
 
Testing-Results-and-Outcomes (1).pptx dfw
bySrini Vasan
 
ict_presentation_final_final_final[1].pptx
bysaadabdulghafoor24
 
Ch6 Automata & Complexity Theory 2016.pptx
bytechnologyn387
 
NY26_Gov.uk_List__Final__18_12_25.pdf New Years Honours 2026
byHenry Tapper
 
unit-3 Introduction to drawing and instruments part-2.ppt
byalemayehuc1
 
(25633) PEDAMARAN_TIMUR-PANCAWARNA_TPS 1.pdf
bysoemaryheart
 
Airport Familiarization.pdffffffffffffffff
byamreentahamaqbool8b
 
RAG_classnoteswith having various ways of publishing the model.pptx
byanjaneyav00
 
unit-3 Introduction to drawing part-1.ppt
byalemayehuc1
 
1-FUEL IN A DIESEL ENGINE UNDERSTANDING AND KNOWLEDGE CONCEPTS
byMarkFenwick10
 
How to Increase Govt. Local Body Revenue
byNavpal Singh
 
Investment and Portfilio. Group no 1.pptx
byAhtshamUlHaq10
 
CLINICO-SOCIAL CASE DISCUSSION-antenatal
bymlaksh790
 

Privacy preserving Data Sharing - PyData Berlin 2018

  • 1.
    Privacy-preserving Data Sharing PyDataBerlin 2018 Omar Ali Fdal - omar@statice.io http://statice.io
  • 2.
    Plan ● Privacy notionand expectation ● A brief history of privacy-preserving mechanisms ○ Pseudonymization ○ k-Anonymity ○ Differential privacy ○ Data synthesization ● Final notes 2
  • 3.
    Privacy Notion andExpectation 3
  • 4.
    Privacy English dictionary definition: -A state in which one is not observed or disturbed by other people ● Lack of privacy => behavioral change ● Fundamental to a free society ○ Anonymous voting guarantees freedom of choice https://weburbanist.com/2014/05/15/real-life-panopticons-deserted-dystopian-prisons-in-cuba/ Panopticon 4
  • 5.
    Privacy in thepresent ● Digital tracking everywhere ● Social circle, browsing habits, shopping details, location tracking, emails, calls, ... 5
  • 6.
    Privacy: all ornothing? ● Privacy is not necessarily complete non-disclosure ● Sharing sensitive information is common when it makes sense ○ With your doctor, tax accountant, etc. 6
  • 7.
    Why share datain the first place? ● Society benefits from individuals sharing their data ○ Medical advances ○ Sociological research, understanding society dynamics ● Examples: ○ Tracking commute patterns to improve public transport networks ○ Detect epidemia and act fast by looking at search engine disease queries/medicine orders 7
  • 8.
    Privacy: a challengingconstraint ● Non-trivial constraint ○ Protecting privacy of individual people 8
  • 9.
    A Brief Historyof Privacy Preservation Mechanisms 9
  • 10.
  • 11.
  • 12.
    Illustration: Cambridge Analytica ●Infamous leak involved Personally Identifiable Information of over 50 million people https://www.theguardian.com/technology/2018/mar/17/facebook-cambridge-analytica-kogan-data-algorithm 12
  • 13.
    Solution? Remove all “PersonallyIdentifying Information” ● A.k.a ○ Pseudonymization ○ Sanitization ○ De-identification ○ Anonymization 13
  • 14.
    Information not uniqueto you: "quasi-identifiers" 14
  • 15.
    Illustration: Massachussets Governorleak Sweeney, Latanya. Weaving Technology and Policy Together to Maintain Confidentiality. Journal of Law, Medicine and Ethics, Vol. 25 1997, p. 98-110 15
  • 16.
    Fingerprint-like information ● Onits own, a fingerprint seems cryptic ● Around 100 minutiae in a fingerprint ● Experts declare a fingerprint match if 12 minutiae match ● Precise identification is possible if fingerprints are indexed and queryable 16
  • 17.
    Illustration: Netflix MoviePreferences Join movie ratings Ratings of only 4-5 movies allowed successful identification of a large number of users was possible 17Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. InSecurity and Privacy, 2008. SP 2008. IEEE Symposium on 2008 May 18 (pp. 111-125). IEEE.
  • 18.
    Illustration: Strava Runningtracks French Military Base in MaliHeatmap 30 million runners worldwide Not that many in the Sahara 18
  • 19.
    And many more... ● Search queries ● Browser configuration 19
  • 20.
    Common issue: LinkageAttack ● With an auxiliary dataset an attacker can “link” the pseudonymous data ● Auxiliary dataset may or may not be obtained legally ● Auxiliary dataset may contain Personally Identifiable Information 20
  • 21.
    Take-away: Pseudonymization isnot enough ● “We do not share information of data in any personally identifiable form” -- Serial Pseudonymizer ● Still the most used today in data release 21
  • 22.
    Solution? K-anonymity: avoiding uniquejoins ● Avoid a unique join based on the “quasi-identifiers” attributes ● Each combination of quasi-identifiers appears at least in k rows ● Using Suppression - Generalization - Binning - Top-coding 22 Sweeney L. k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems. 2002 Oct;10(05):557-70.
  • 23.
  • 24.
    K-anonymity: Linkage protection 24 Recordto be linked 3-anonymous dataset
  • 25.
    K-anonymity issues 25 Records tobe linked 3-anonymous dataset ● Lack of diversity ● Background knowledge
  • 26.
    K-anonymity: superficial linkageavoiding ● A syntactic guarantee ● Makes strong assumptions about attack scenario: ○ no external knowledge ● Curse of dimensionality ○ Hard to achieve in high dimensional spaces 26
  • 27.
    Take-away: assume theworst ● Do not assume anything about the attack scenario ○ Resourceful attacker ○ Access to auxiliary information ● Any method trying to preserve privacy needs to take this into account 27
  • 28.
    Privacy Promise: Opt-outscenario ● My data must have no effect on any analysis carried on on the dataset ● Problem: if nobody’s data has no effect on any analysis then there will be no utility. 28
  • 29.
    Privacy Promise: InferenceProtection ● I have a secret, denoted secret(me) ● Given any result of any analysis carried on a dataset, I expect: Pr(secret(me) | result) = Pr(secret(me)) ● Problem: ○ if the secret does not concern only me, i.e. can be generally learned from other people, then the result will affect me even if my data is not part of the dataset 29
  • 30.
    Privacy Promise: whatcan we expect? ● A tradeoff ○ With or without my data, any outcome of any analysis based on a given dataset is almost equally likely ○ The impact on me sharing information in the dataset will be limited to the general learnings not the specifics of my information 30
  • 31.
    Privacy Promise: differentialprivacy 31 Possible world including my data (D') Possible world excluding my data (D) Result R Given a result R, it should not be possible to guess whether my data was included or not in the dataset Dwork C, McSherry F, Nissim K, Smith A. Calibrating noise to sensitivity in private data analysis. InTheory of cryptography conference 2006 Mar 4 (pp. 265-284). Springer, Berlin, Heidelberg.
  • 32.
    Differential Privacy implementation: TheLaplace Mechanism Where is the global sensitivity of the function It represents the maximum contribution of a single record in the dataset. The ratio of the distributions is bounded by 32
  • 33.
    Differential Privacy: advantages ●No assumptions about the attack scenario ● Formal theoretical definition ● Composition theorems to reason about complex computations 33
  • 34.
    Differential Privacy: drawbacks ●Reason about multiple queries, setting a privacy budget ○ If a user asks the same query multiple times she might be able to remove the noise and deduce the true answer ● Hard to devise a differentially private mechanism in complex cases ● Limited adoption 34
  • 35.
    Differential Privacy: DataRelease? ● Release of aggregates (histograms) ○ US Census Bureau case ○ Challenge: maintain consistency across datasets ● What if we want to release data at the same granularity? 35
  • 36.
    Data Synthesization: illustration ●US army anthropometric data 36
  • 37.
    Data Synthesization: illustration ●US army synthetic anthropometric data based on the learned joint distribution 37
  • 38.
    Differentially Private Synthesization ●Estimate the joint distribution in a differentially private way 38
  • 39.
    Data Synthesization: Applications ●Test data in development phases ● Limit access to real data and replace it with synthetic data when possible ● Share synthetic data for exploration purposes 39
  • 40.
    Final Notes ● Pseudonymizationis not anonymization, do not use it ● Legal constraints (e.g. GDPR) are a trigger for organizations to use better privacy-preserving mechanisms ● Privacy-preserving data release is an open research question 40
  • 41.
    References ● Sweeney, Latanya.Weaving Technology and Policy Together to Maintain Confidentiality. Journal of Law, Medicine and Ethics, Vol. 25 1997, p. 98-110 ● Sweeney L. k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems. 2002 Oct;10(05):557-70. ● Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. InSecurity and Privacy, 2008. SP 2008. IEEE Symposium on 2008 May 18 (pp. 111-125). IEEE. ● Dwork C, McSherry F, Nissim K, Smith A. Calibrating noise to sensitivity in private data analysis. InTheory of cryptography conference 2006 Mar 4 (pp. 265-284). Springer, Berlin, Heidelberg. ● Nissim K, Steinke T, Wood A, Altman M, Bembenek A, Bun M, Gaboardi M, O’Brien DR, Vadhan S. Differential Privacy: A Primer for a Non-technical Audience. Working Group Privacy Tools Sharing Res. Data, Harvard Univ., Boston, MA, USA, Tech. Rep. TR-2017-03. 2017 May 7. ● Dwork C, Roth A. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science. 2014 Aug 11;9(3–4):211-407. 41