Properties of Effective Information Anonymity Regulations
- URL: http://arxiv.org/abs/2408.14740v1
- Date: Tue, 27 Aug 2024 02:34:41 GMT
- Title: Properties of Effective Information Anonymity Regulations
- Authors: Aloni Cohen, Micah Altman, Francesca Falzon, Evangelina Anna Markatou, Kobbi Nissim,
- Abstract summary: We develop a set of technical requirements for anonymization rules and related regulations.
As an exemplar, we evaluate competing interpretations of regulatory requirements from the EU's General Data Protection Regulation.
- Score: 6.8322083925948185
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: A firm seeks to analyze a dataset and to release the results. The dataset contains information about individual people, and the firm is subject to some regulation that forbids the release of the dataset itself. The regulation also imposes conditions on the release of the results. What properties should the regulation satisfy? We restrict our attention to regulations tailored to controlling the downstream effects of the release specifically on the individuals to whom the data relate. A particular example of interest is an anonymization rule, where a data protection regulation limiting the disclosure of personally identifiable information does not restrict the distribution of data that has been sufficiently anonymized. In this paper, we develop a set of technical requirements for anonymization rules and related regulations. The requirements are derived by situating within a simple abstract model of data processing a set of guiding general principles put forth in prior work. We describe an approach to evaluating such regulations using these requirements -- thus enabling the application of the general principles for the design of mechanisms. As an exemplar, we evaluate competing interpretations of regulatory requirements from the EU's General Data Protection Regulation.
Related papers
- C3PA: An Open Dataset of Expert-Annotated and Regulation-Aware Privacy Policies to Enable Scalable Regulatory Compliance Audits [7.1195014414194695] (2024-10-04T21:04:39Z)
  C3PA is the first regulation-aware dataset of expert-annotated privacy policies.
  It contains over 48K expert-labeled privacy policy text segments associated with responses to CCPA-specific disclosure mandates.
- RegNLP in Action: Facilitating Compliance Through Automated Information Retrieval and Answer Generation [51.998738311700095] (2024-09-09T14:44:19Z)
  Regulatory documents, characterized by their length, complexity and frequent updates, are challenging to interpret.
  RegNLP is a multidisciplinary subfield aimed at simplifying access to and interpretation of regulatory rules and obligations.
  The ObliQA dataset contains 27,869 questions derived from the Abu Dhabi Global Markets (ADGM) financial regulation document collection.
- LegiLM: A Fine-Tuned Legal Language Model for Data Compliance [5.256747140296861] (2024-09-09T02:06:52Z)
  LegiLM is a novel legal language model specifically tailored for consulting on data or information compliance.
  It has been fine-tuned to automatically assess whether particular actions or events breach data security and privacy regulations.
  LegiLM excels in detecting data regulation breaches, offering sound legal justifications, and recommending necessary compliance modifications.
- The Data Minimization Principle in Machine Learning [61.17813282782266] (2024-05-29T19:40:27Z)
  Data minimization aims to reduce the amount of data collected, processed or retained.
  It has been endorsed by various global data protection regulations.
  However, its practical implementation remains a challenge due to the lack of a rigorous formulation.
- PrivComp-KG: Leveraging Knowledge Graph and Large Language Models for Privacy Policy Compliance Verification [0.0] (2024-04-30T17:44:44Z)
  We propose a Large Language Model (LLM) and Semantic Web based approach for privacy compliance.
  PrivComp-KG is designed to efficiently store and retrieve comprehensive information concerning privacy policies.
  It can be queried to check each vendor's privacy policies for compliance against the relevant regulations.
- A Summary of Privacy-Preserving Data Publishing in the Local Setting [0.6749750044497732] (2023-12-19T04:23:23Z)
  Statistical Disclosure Control aims to minimize the risk of exposing confidential information by de-identifying it.
  We outline the current privacy-preserving techniques employed in microdata de-identification, delve into privacy measures tailored for various disclosure scenarios, and assess metrics for information loss and predictive performance.
- Post-processing of Differentially Private Data: A Fairness Perspective [53.29035917495491] (2022-01-24T02:45:03Z)
  This paper shows that post-processing causes disparate impacts on individuals or groups.
  It analyzes two critical settings: the release of differentially private datasets and the use of such private datasets for downstream decisions.
  It proposes a novel post-processing mechanism that is (approximately) optimal under different fairness metrics.
- Distributed Machine Learning and the Semblance of Trust [66.1227776348216] (2021-12-21T08:44:05Z)
  Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data.
  FL and related techniques are often described as privacy-preserving.
  We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
- Learning to Limit Data Collection via Scaling Laws: Data Minimization Compliance in Practice [62.44110411199835] (2021-07-16T19:59:01Z)
  We build on the literature in machine learning law to propose a framework for limiting collection based on a data interpretation that ties data to system performance.
  We formalize a data minimization criterion based on performance curve derivatives and provide an effective and interpretable piecewise power law technique.
- Operationalizing the Legal Principle of Data Minimization for Personalization [64.0027026050706] (2020-05-28T00:43:06Z)
  We identify a lack of a homogeneous interpretation of the data minimization principle and explore two operational definitions applicable in the context of personalization.
  We find that the performance decrease incurred by data minimization might not be substantial, but it might disparately impact different users.
This list is automatically generated from the titles and abstracts of the papers in this site.