A new framework for global data regulation
- URL: http://arxiv.org/abs/2308.12955v1
- Date: Thu, 24 Aug 2023 17:48:56 GMT
- Title: A new framework for global data regulation
- Authors: Ellie Graeden, David Rosado, Tess Stevens, Mallory Knodel, Rachele
Hendricks-Sturrup, Andrew Reiskind, Ashley Bennett, John Leitner, Paul Lekas,
Michelle DeMooy
- Abstract summary: We propose a regulatory framework designed to apply not to specific data or tools themselves, but to the outcomes and rights that are linked to the use of these data and tools in context.
This framework is designed to recognize, address, and protect a broad range of human rights, including privacy.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Under the current regulatory framework for data protections, the protection
of human rights writ large and the corresponding outcomes are regulated largely
independently from the data and tools that both threaten those rights and are
needed to protect them. This separation between tools and the outcomes they
generate risks overregulation of the data and tools themselves when not linked
to sensitive use cases. In parallel, separation risks under-regulation if the
data can be collected and processed under a less-restrictive framework, but
used to drive an outcome that requires additional sensitivity and restrictions.
A new approach is needed to support differential protections based on the
genuinely high-risk use cases within each sector. Here, we propose a regulatory
framework designed to apply not to specific data or tools themselves, but to
the outcomes and rights that are linked to the use of these data and tools in
context. This framework is designed to recognize, address, and protect a broad
range of human rights, including privacy, and suggests a more flexible approach
to policy making that is aligned with current engineering tools and practices.
We test this framework in the context of open banking and describe how current
privacy-enhancing technologies and other engineering strategies can be applied
in this context and that of contact tracing applications. This approach for
data protection regulations more effectively builds on existing engineering
tools and protects the wide range of human rights defined by legislation and
constitutions around the globe.
Related papers
- The Future of International Data Transfers: Managing Legal Risk with a User-Held Data Model [0.0]
The General Data Protection Regulation contains a blanket prohibition on the transfer of personal data outside of the European Economic Area unless strict requirements are met.
New technologies have made international data transfers the norm and not the exception.
This article examines one such alternative, namely a user-held data model.
arXiv Detail & Related papers (2024-07-30T03:15:36Z)
- Collection, usage and privacy of mobility data in the enterprise and public administrations [55.2480439325792]
Security measures such as anonymization are needed to protect individuals' privacy.
Within our study, we conducted expert interviews to gain insights into practices in the field.
We survey privacy-enhancing methods in use, which generally do not comply with state-of-the-art standards of differential privacy.
arXiv Detail & Related papers (2024-07-04T08:29:27Z)
- The Data Minimization Principle in Machine Learning [61.17813282782266]
Data minimization aims to reduce the amount of data collected, processed or retained.
It has been endorsed by various global data protection regulations.
However, its practical implementation remains a challenge due to the lack of a rigorous formulation.
arXiv Detail & Related papers (2024-05-29T19:40:27Z)
- Legal Requirements Analysis [2.3349787245442966]
We explore a variety of methods for analyzing legal requirements and exemplify them on representations.
We describe possible alternatives for creating machine-analyzable representations from regulations.
arXiv Detail & Related papers (2023-11-23T09:31:57Z)
- Theoretically Principled Federated Learning for Balancing Privacy and Utility [61.03993520243198]
We propose a general learning framework for the protection mechanisms that protects privacy via distorting model parameters.
It can achieve personalized utility-privacy trade-off for each model parameter, on each client, at each communication round in federated learning.
arXiv Detail & Related papers (2023-05-24T13:44:02Z)
- Is Vertical Logistic Regression Privacy-Preserving? A Comprehensive Privacy Analysis and Beyond [57.10914865054868]
We consider vertical logistic regression (VLR) trained with mini-batch descent gradient.
We provide a comprehensive and rigorous privacy analysis of VLR in a class of open-source Federated Learning frameworks.
arXiv Detail & Related papers (2022-07-19T05:47:30Z)
- An Example of Privacy and Data Protection Best Practices for Biometrics Data Processing in Border Control: Lesson Learned from SMILE [0.9442139459221784]
Misuse of data, compromising the privacy of individuals and/or authorized processing of data may be irreversible.
This is partly due to the lack of methods and guidance for the integration of data protection and privacy by design in the system development process.
We present an example of privacy and data protection best practices to provide more guidance for data controllers and developers.
arXiv Detail & Related papers (2022-01-10T15:34:43Z)
- Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data.
FL and related techniques are often described as privacy-preserving.
We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
arXiv Detail & Related papers (2021-12-21T08:44:05Z)
- A Proposal for Amending Privacy Regulations to Tackle the Challenges Stemming from Combining Data Sets [0.0]
We focus on some shortcomings in current data protection regulation's ability to adequately address the ramifications of AI-driven data processing practices.
We propose that privacy regulation relies less on individuals' privacy expectations and recommend regulatory reform in two directions.
arXiv Detail & Related papers (2021-11-26T03:30:11Z)
- Learning to Limit Data Collection via Scaling Laws: Data Minimization Compliance in Practice [62.44110411199835]
We build on literature in machine learning law to propose a framework for limiting collection based on data interpretation that ties data to system performance.
We formalize a data minimization criterion based on performance curve derivatives and provide an effective and interpretable piecewise power law technique.
arXiv Detail & Related papers (2021-07-16T19:59:01Z)
- An operational architecture for privacy-by-design in public service applications [0.26249027950824505]
We present an operational architecture for privacy-by-design based on independent regulatory oversight.
We briefly discuss the feasibility of implementing our architecture based on existing techniques.
arXiv Detail & Related papers (2020-06-08T14:57:29Z)
This list is automatically generated from the titles and abstracts of the papers in this site.