data privacy introduction vicen c torra march 2019
play

Data privacy: Introduction Vicen c Torra March, 2019 Hamilton - PowerPoint PPT Presentation

May 01, 2023 •111 likes •510 views

Data privacy: Introduction Vicen c Torra March, 2019 Hamilton Institute, Maynooth University, Ireland Outline Outline 1. Motivation 2. Difficulties 3. Terminology 4. Disclosure 5. Transparency 6. Privacy by design 7. Summary 1 / 37

  1. Data privacy: Introduction Vicen¸ c Torra March, 2019 Hamilton Institute, Maynooth University, Ireland

  2. Outline Outline 1. Motivation 2. Difficulties 3. Terminology 4. Disclosure 5. Transparency 6. Privacy by design 7. Summary 1 / 37

  3. Motivation Outline Motivation 2 / 37

  4. Introduction Outline Introduction • Data privacy: core ◦ Someone needs to access to data to perform authorized analysis, but access to the data and the result of the analysis should avoid disclosure. ? E.g., you are authorized to compute the average stay in a hospital, but maybe you are not authorized to see the length of stay of your neighbor. Vicen¸ c Torra; Data privacy: Introduction 3 / 37

  5. Introduction Outline Introduction • Problems/difficulties? Example 1 ◦ Q: sickness influenced by studies and commuting distance ? ◦ Data: (where students live, what they study, if they got sick) DB = { ( Dublin, CS & SE, no ) ( Dublin, CS & SE, yes ) ( ) Dublin, . . . , . . . . . . ( Maynooth, CS & SE, no ) ( Maynooth, CS & SE, no ) ( Maynooth, CS & SE, yes ) ( ) Maynooth, . . . , . . . . . . Ballyroe 1 , XXXX, yes ( ) ◦ No “personal data”, is this ok ? NO!! ⇒ We learn that our friend is sick !! Vicen¸ c Torra; Data privacy: Introduction 4 / 37

  6. Introduction Outline Introduction • Problems/difficulties? Example 2 ◦ Q: Mean income of admitted to hospital unit (e.g., psychiatric unit) for a given Town? ◦ Mean income is not “personal data”, is this ok ? NO!!: ◦ Example 2 : 1000 2000 3000 2000 1000 6000 2000 10000 2000 4000 ⇒ mean = 3300 ◦ Adding Ms. Rich’s salary 100,000 Eur/month: mean = 12090,90 ! (a extremely high salary changes the mean significantly) ⇒ We infer Ms. Rich from Town was attending the unit 2 Average wage in Ireland (2018): 38878 ⇒ monthly 3239 Eur https://www.frsrecruitment.com/blog/market-insights/average-wage-in-ireland/ Vicen¸ c Torra; Data privacy: Introduction 5 / 37

  7. Introduction Outline Introduction • A personal view of core and boundaries of data privacy: core ◦ data uses / rellevant techniques ⋆ Data to be used for data analysis ⇒ statistics, machine learning, data mining ⇒ compute indices, find patterns, build models ⋆ Data is transmitted ⇒ communications security Privacy Communications Machine learning Data mining access Statistics control • Someone needs to access to data to perform authorized analysis, but access to the data and the result of the analysis should avoid disclosure. Vicen¸ c Torra; Data privacy: Introduction 6 / 37

  8. Introduction Outline Introduction • A personal view of core and boundaries of data privacy: boundaries ◦ Database in a computer or in a removable device ⇒ access control to avoid unauthorized access = ⇒ Access to address (admissions), Access to blood test (admissions?) ◦ Data is transmitted ⇒ security technology to avoid unauthorized access = ⇒ Data from blood glucose meter sent to hospital. Network sniffers Transmission is sensitive: Near miss/hit report to car manufacturers security Privacy access control Vicen¸ c Torra; Data privacy: Introduction 7 / 37

  9. Introduction Outline Motivation • Legislation. ◦ Privacy a fundamental right. (Ch. 1.1) ⋆ Universal Declaration of Human Rights (UN). European Convention on Human Rights (Council of Europe). General Data Protection Regulation - GDPR (EU). National regulations. ◦ Enforcement (GDPR) ⋆ Obligations with respect to data processing ⋆ Requirement to report personal data breaches ⋆ Grant individual rights (to be informed, to access, to rectification, to erasure, ...) • Companies own interest. ◦ Competitors can take advantage of information. • Avoiding privacy breach. Several well known cases. Vicen¸ c Torra; Data privacy: Introduction 8 / 37

  10. Introduction Outline Motivation • Privacy and society ◦ Not only a computer science/technical problem ⋆ Social roots of privacy ⋆ Multidisciplinary problem ◦ Social, legal, philosophical questions ◦ Culturally relative? I.e., the importance of privacy is the same among all people ? ◦ Are there aspects of life which are inherently private or just conventionally so? Vicen¸ c Torra; Data privacy: Introduction 9 / 37

  11. Introduction Outline Motivation • Privacy and society. Is this a new problem? Yes and not ◦ No side. See the following: Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life; and numerous mechanical devices threaten to make good the prediction that ”what is whispered in the closet shall be proclaimed from the house-tops.” (...) Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery (...) To occupy the indolent, column upon column is filled with idle gossip, which can only be procured by intrusion upon the domestic circle. (S. D. Warren and L. D. Brandeis, 1890) ◦ Yes side: big data, storage, surveillance/CCTV, RFID, IoT Vicen¸ c Torra; Data privacy: Introduction 10 / 37

  12. Introduction Outline Motivation • Technical solutions ◦ Statistical disclosure control (SDC) ◦ Privacy preserving data mining (PPDM) ◦ Privacy enhancing technologies (PET) • Socio-technical aspects ◦ Technical solutions are not enough ◦ Implementation/management of solutions for achieving data privacy need to have a holistic perspective of information systems ◦ E.g., employees and customers: how technology is applied Vicen¸ c Torra; Data privacy: Introduction 11 / 37

  13. Difficulties Outline Difficulties Vicen¸ c Torra; Data privacy: Introduction 12 / 37

  14. Difficulties Outline Difficulties • Difficulties: Naive anonymization does not work Passenger manifest for the Missouri, arriving February 15, 1882; Port of Boston 3 Names, Age, Sex, Occupation, Place of birth, Last place of residence, Yes/No, condition (healthy?) 3 https://www.sec.state.ma.us/arc/arcgen/genidx.htm Vicen¸ c Torra; Data privacy: Introduction 13 / 37

  15. Difficulties Outline Difficulties • Difficulties: highly identifiable data ◦ (Sweeney, 1997) on USA population ⋆ 87.1% (216 million/248 million) were likely made them unique based on 5-digit ZIP, gender, date of birth, ⋆ 3.7% (9.1 million) had characteristics that were likely made them unique based on 5-digit ZIP, gender, Month and year of birth. Vicen¸ c Torra; Data privacy: Introduction 14 / 37

  16. Difficulties Outline Difficulties • Difficulties: highly identifiable data and high dimensional data ◦ Data from mobile devices: ⇒ two positions can make you unique (home and working place) ◦ AOL 4 and Netflix cases (search logs and movie ratings) ⇒ User No. 4417749, hundreds of searches over a three-month period including queries ’landscapers in Lilburn, Ga’ − → Thelma Arnold identified! ⇒ individual users matched with film ratings on the Internet Movie Database. ◦ Similar with credit card payments, shopping carts, ... 4 http://www.nytimes.com/2006/08/09/technology/09aol.html Vicen¸ c Torra; Data privacy: Introduction 15 / 37

  17. Difficulties Outline Difficulties • Difficulties: highly identifiable data and high dimensional data ◦ Ex1: Sickness influenced by studies and commuting distance ? ◦ Ex2: Mean income of admitted to hospital unit (e.g., psychiatric unit) for a given Town? ◦ Ex3: Driving behavior in the morning ⋆ Automobile manufacturer uses (data from vehicles) ⋆ Data: First drive after 6:00am (GPS origin + destination, time) × 30 days ⋆ No “personal data”, is this ok?: NO!!!: ⋆ How many cars from your home to your work? Are you exceeding the speed limit? Are you visiting a psychiatric clinic every tuesday? Vicen¸ c Torra; Data privacy: Introduction 16 / 37

  18. Difficulties Outline Difficulties • Data privacy is “impossible”, or not? challenging ◦ Privacy vs. utility ◦ Privacy vs. security ◦ Computationally feasible Vicen¸ c Torra; Data privacy: Introduction 17 / 37

  19. Terminology Outline Terminology Vicen¸ c Torra; Data privacy: Introduction 18 / 37

  20. Terminology Outline Terminology • Terminology using as framework a communication network with senders (actors) and receivers (actees) senders recipients messages communication network • Attacker, adversary, intruder ◦ the set of entities working against some protection goal ◦ increase their knowledge (e.g., facts, probabilities, . . . ) on the items of interest (IoI) (senders, receivers, messages, actions) Vicen¸ c Torra; Data privacy: Introduction 19 / 37

  21. Terminology Outline Terminology • Anonymity set. Anonymity of a subject means that the subject is not identifiable within a set of subjects, the anonymity set. Not distinguishable! • Unlinkability. Unlinkability of two or more IoI, the attacker cannot sufficiently distinguish whether these IoIs are related or not. ⇒ Unlinkability with the sender implies anonymity of the sender. ◦ Linkability but anonymity. E.g., an attacker links all messages of a transaction, due to timing, but all are encrypted and no information can be obtained about the subjects in the transactions: anonymity not compromised. (region of the anonymity box outside unlinkability box) Vicen¸ c Torra; Data privacy: Introduction 20 / 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction Goals: / Topics Privacy from three different perspectives: anonymous communications/privacy enhancing technologies, privacy preserving data

197 views • 6 slides
Data privacy: introduction Vicen c Torra January 15, 2018 Privacy, Information and

Data privacy: introduction Vicen c Torra January 15, 2018 Privacy, Information and

Oslo, 2018 Data privacy: introduction Vicen c Torra January 15, 2018 Privacy, Information and Cyber-Security Center SAIL, School of Informatics, University of Sk ovde, Sweden Outline Outline 1. Motivation 2. Privacy models and

1.14k views • 57 slides
Data privacy: Privacy models Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Data privacy: Privacy models Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Data privacy: Privacy models Vicen c Torra March, 2019 Hamilton Institute, Maynooth University, Ireland Outline Outline Privacy models 1 / 11 Data privacy > Privacy models Outline Privacy models ? 2 / 11 Data privacy > Privacy

695 views • 12 slides
Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth

Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth

Data privacy: an overview Vicen c Torra December, 2019 Hamilton Institute, Maynooth University, Ireland Overview Outline Overview What is data privacy? Why is it necessary and why it is challenging/difficult? Some definitions

2.02k views • 188 slides
Data privacy: an introduction (part II) Vicen c Torra February, 2017 School of Informatics,

Data privacy: an introduction (part II) Vicen c Torra February, 2017 School of Informatics,

Sk ovde 2017 Data privacy: an introduction (part II) Vicen c Torra February, 2017 School of Informatics, University of Sk ovde, Sweden Outline Outline 1. Basics 2. A classification Dimensions 3. Masking methods 4. Privacy

449 views • 41 slides
Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of

PAIS 2015 Transparency and disclosure risk in data privacy c Torra 1 Vicen March, 2015 1 School of Informatics, University of Sk ovde, Sweden Outline Outline Outline Quantitative measures of risk: record linkage Transparency principle:

1.35k views • 91 slides
Data privacy. A briefer. Vicen c Torra (vtorra@ieee.org) May 31st, 2018 Privacy, Information

Data privacy. A briefer. Vicen c Torra (vtorra@ieee.org) May 31st, 2018 Privacy, Information

IEEE Chapter Meeting, Sk ovde Data privacy. A briefer. Vicen c Torra (vtorra@ieee.org) May 31st, 2018 Privacy, Information and Cyber-Security Center SAIL, School of Informatics, University of Sk ovde, Sweden Outline Outline 1.

841 views • 35 slides
On machine learning for data privacy Vicen c Torra Dec. 7, 2016 School of Informatics,

On machine learning for data privacy Vicen c Torra Dec. 7, 2016 School of Informatics,

Link oping 2016 On machine learning for data privacy Vicen c Torra Dec. 7, 2016 School of Informatics, University of Sk ovde, Sweden Outline Outline Outline Disclosure risk. A quantitative measures: record linkage The worst-case

1.29k views • 101 slides
Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas

Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas

Graph Perturbation as Noise Graph Addition: A New Perspective for Graph Anonymization Vicen Torra, Julin Salas Data Privacy Management Luxembourg, 26 September 2019 Outline 1. Introduction Motivations and objectives Random graph

355 views • 20 slides
User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of

User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of

User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of Sk ovde, Sweden Outline Outline 1. User privacy 1 / 25 Outline User privacy 2 / 25 DP > Dimensions Outline Data Privacy Classification

836 views • 37 slides
Classification of procedures Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Classification of procedures Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Classification of procedures Vicen c Torra March, 2019 Hamilton Institute, Maynooth University, Ireland Outline Outline 1. Dimensions 1st dimension 2nd dimension 3rd dimension Other dimensions 2. Roadmap of data protection

805 views • 34 slides
Choquet integral in decision making and metric learning Vicen c Torra Hamilton Institute,

Choquet integral in decision making and metric learning Vicen c Torra Hamilton Institute,

IUKM 2019 - Nara, Japan Choquet integral in decision making and metric learning Vicen c Torra Hamilton Institute, Maynooth University Ireland March 27, 2018 Outline Overview Basics and objectives: Using Choquet integral in two types

1.37k views • 88 slides
Non-additive measures and integrals Vicen c Torra March, 2014 IIIA-CSIC (joint work with

Non-additive measures and integrals Vicen c Torra March, 2014 IIIA-CSIC (joint work with

LiU 2014 Non-additive measures and integrals Vicen c Torra March, 2014 IIIA-CSIC (joint work with Yasuo Narukawa and Michio Sugeno) Motivation Outline A short motivation Topic. Non-additive measures A generalization of additive

1.49k views • 111 slides
Aggregation functions for social decision making Vicen c Torra torsdag den 17. oktober 2013

Aggregation functions for social decision making Vicen c Torra torsdag den 17. oktober 2013

Kbenhavn, Danmark, 2013 Aggregation functions for social decision making Vicen c Torra torsdag den 17. oktober 2013 Institut dInvestigaci o en Intel lig` encia Artificial (IIIA-CSIC), Bellaterra Outline Outline 1. Introduction

1.29k views • 112 slides
On some extensions and applications of non-additive measures Vicen c Torra September, 2013

On some extensions and applications of non-additive measures Vicen c Torra September, 2013

LFSC 2013 On some extensions and applications of non-additive measures Vicen c Torra September, 2013 Joint Work: Y. Narukawa, K. Stokes, G. Navarro-Arribas, D. Abril Institut dInvestigaci o en Intel lig` encia Artificial

1.5k views • 122 slides
Choquet integral: distributions and decisions Vicen c Torra School of Informatics, University

Choquet integral: distributions and decisions Vicen c Torra School of Informatics, University

83rd EWG-MCDA 2016 Choquet integral: distributions and decisions Vicen c Torra School of Informatics, University of Sk ovde Sk ovde, Sweden March 31-32 , 2016 Overview > Example Outline Overview Basics and objectives:

1.24k views • 101 slides
AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data Protection and Ethics Contents Privacy in the Digital age: main issues Ethics: definitions and background Privacy challenges in Health

713 views • 23 slides
Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by Design ETH Zurich, Switzerland www.inf.ethz.ch/~langhein Ubicomp 2001, Atlanta Contents Ubicomp 2001, Atlanta ! Privacy primer Does privacy

680 views • 22 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
a challenging excercise Go to Conference 2015 Sten Schaumburg-Mller University of Southern

a challenging excercise Go to Conference 2015 Sten Schaumburg-Mller University of Southern

Protection of privat life a challenging excercise Go to Conference 2015 Sten Schaumburg-Mller University of Southern Denmark stsm@sam.sdu.dk 20 minutes Introduction Private life a necessity Habermas and the restructuring

158 views • 15 slides
Solar demand in Europe in times of COVID-19 Aristotelis Chantavas President of SolarPower Europe

Solar demand in Europe in times of COVID-19 Aristotelis Chantavas President of SolarPower Europe

Solar demand in Europe in times of COVID-19 Aristotelis Chantavas President of SolarPower Europe Head of Europe Enel Green Power A new Era of Growth for Solar in the European Union EU market outlook until 2023 (status: Dec. 2019): EU solar

368 views • 7 slides
(Straw) Man in the Middle: A Modest Post-Snowden Proposal Brussels, Belgium Jacob Appelbaum

(Straw) Man in the Middle: A Modest Post-Snowden Proposal Brussels, Belgium Jacob Appelbaum

(Straw) Man in the Middle: A Modest Post-Snowden Proposal Brussels, Belgium Jacob Appelbaum [redacted] 10 December 2015 Jacob Appelbaum ([redacted]) (Straw) Man in the Middle: 10 December 2015 1 / 26 Post-Snowden? What does that mean?

439 views • 33 slides
Northern Irelands Place in Europe post-Brexit 5 November 2019 www.qub.ac.uk/Brexit

Northern Irelands Place in Europe post-Brexit 5 November 2019 www.qub.ac.uk/Brexit

Northern Irelands Place in Europe post-Brexit 5 November 2019 www.qub.ac.uk/Brexit @QUBPolicy Where are we with Brexit? Professor David Phinnemore @DPhinnemore Where are we with Brexit? 17 October 2019 revised Withdrawal Agreement

446 views • 11 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides

More recommend