Big Data and the application of anonymization techniques Annual - - PowerPoint PPT Presentation

▶

Aug 27, 2023 207 likes •334 views

Big Data and the application of anonymization techniques Annual Privacy Forum 2015 7-8 October, Luxembourg Giuseppe DAcquisto Garante per la protezione dei dati personali 1 The concept of anonymization My data 1 D.O.F Any person Empty

SLIDE 1

1

Big Data and the application of anonymization techniques Annual Privacy Forum 2015 7-8 October, Luxembourg

Giuseppe D’Acquisto Garante per la protezione dei dati personali

SLIDE 2

The concept of anonymization

2

Empty

My data Any person 1 D.O.F

SLIDE 3

Anonymization is a relative concept

3

Any person This data is more anonymous This data is more anonymous My data This data is less anonymous This data is less anonymous IDs Location Biometrics/Health

SLIDE 4

Anonymization is absolute from legal perspective

4

This is personal data This is not personal data

SLIDE 5

The anonymization approach in the U.S.

5

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

This is personal data This is not personal data

SLIDE 6

The anonymization approach in the WP29 Opinion

6

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

1) Three privacy risks 2) Reasonable effort test

SLIDE 7

Engineering may not be enough

7

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

After engineering Gap to fill with policies

SLIDE 8

Safeguards

8

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

After Anonymization If the data is in the personal sphere (the device), then

art. 5(3)

applies First processing in compliance

SLIDE 9

Additional safeguards

9

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

After anonymization If access rights have to be granted, data cannot be anonymized Only personal data

SLIDE 10

On the re-use of data

10

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

Anonymization as a compatible further purpose

Non incompatibility
f purposes
Art 7(a) user friendly
Art 7(f) engineered
Engineering

information

SLIDE 11

Conclusions

11



There is room for privacy principles also in Big Data



New tools for safeguarding data subjects

–

Policy

–

Technology

–

Probability/Information theory



The key is the capability to deal with complexity: anonymization is difficult (but not impossible)…



…but, bad anonymization is very easy (AoL 2006 – Netflix 2009 - NY taxis 2014)

SLIDE 12

1

Big Data and the application of anonymization techniques Annual Privacy Forum 2015 7-8 October, Luxembourg

Giuseppe D’Acquisto Garante per la protezione dei dati personali

The concept of anonymization

2

Empty

My data Any person 1 D.O.F

Anonymization is a relative concept

3

Any person This data is more anonymous This data is more anonymous My data This data is less anonymous This data is less anonymous IDs Location Biometrics/Health

Anonymization is absolute from legal perspective

4

This is personal data This is not personal data

The anonymization approach in the U.S.

5

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

This is personal data This is not personal data

The anonymization approach in the WP29 Opinion

6

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

1) Three privacy risks 2) Reasonable effort test

Engineering may not be enough

7

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

After engineering Gap to fill with policies

Safeguards

8

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

After Anonymization If the data is in the personal sphere (the device), then

applies First processing in compliance

Additional safeguards

9

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

After anonymization If access rights have to be granted, data cannot be anonymized Only personal data

On the re-use of data

10

Any person My data IDs Location Biometrics/Health

This is personal data This is not personal data

Anonymization as a compatible further purpose

information

Conclusions

11

There is room for privacy principles also in Big Data

New tools for safeguarding data subjects

Policy

Technology

Probability/Information theory

The key is the capability to deal with complexity: anonymization is difficult (but not impossible)…

…but, bad anonymization is very easy (AoL 2006 – Netflix 2009 - NY taxis 2014)

12

Thank you very much g.dacquisto@gpdp.it