Data Traceability for Privacy Alignment
- URL: http://arxiv.org/abs/2503.09823v2
- Date: Mon, 24 Mar 2025 18:48:39 GMT
- Title: Data Traceability for Privacy Alignment
- Authors: Kevin Liao, Shreya Thipireddy, Daniel Weitzner
- Abstract summary: We offer a new privacy approach for the growing ecosystem of services dependent on personal data sharing between individuals and third parties. We introduce the concept of covert-accountability, which addresses the risk from adversaries that may act dishonestly but nevertheless face potential identification and legal consequences. We present the OTrace protocol, designed to provide traceable, accountable consumer control in third-party data sharing ecosystems.
- Score: 1.1970748626806043
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: This paper offers a new privacy approach for the growing ecosystem of services -- ranging from open banking to healthcare -- dependent on sensitive personal data sharing between individuals and third parties. While these services offer significant benefits, individuals want control over their data, transparency regarding how their data is used, and accountability from third parties for misuse. However, existing legal and technical mechanisms are inadequate for supporting these needs. A comprehensive approach to the modern privacy challenges of accountable third-party data sharing requires a closer alignment of technical system architecture and legal institutional design. In order to achieve this privacy alignment, we extend traditional security threat modeling and analysis to encompass a broader range of privacy notions than has been typically considered. In particular, we introduce the concept of covert-accountability, which addresses the risk from adversaries that may act dishonestly but nevertheless face potential identification and legal consequences. As a concrete instance of this design approach, we present the OTrace protocol, designed to provide traceable, accountable consumer control in third-party data sharing ecosystems. OTrace empowers consumers with the knowledge of who has their data, what it is being used for, what consent or other legal terms apply, and whom it is being shared with. By applying our alignment framework, we demonstrate that OTrace's technical affordances can provide more confident, scalable regulatory oversight when combined with complementary legal mechanisms.
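The abstract describes the properties OTrace aims for (who holds the data, under what terms, and who passed it on) and the covert-accountability threat model (a party may deviate, but its deviation can be attributed to it). The Go program below is an added illustration of those properties written for this page; it is not OTrace's design and is not taken from the paper. It assumes a simple model of its own: each onward transfer of a subject's data is a record signed by the sending party with an ed25519 key, chained by hash to the previous record, and checked against a key directory the consumer trusts. Party names, the subject "alice", the consent references and the scenario are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sort"
)

// Party is one data holder (a bank, a budgeting app, an analytics vendor).
// Keys are generated in memory for this illustration only.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty(name string) *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{Name: name, Pub: pub, priv: priv}
}

// Directory is the registry the consumer trusts to map party names to keys (assumed here).
func Directory(parties ...*Party) map[string]ed25519.PublicKey {
	d := make(map[string]ed25519.PublicKey)
	for _, p := range parties {
		d[p.Name] = p.Pub
	}
	return d
}

// Hop records one onward transfer of a subject's data and who vouched for it.
type Hop struct {
	Subject   string   // whose data moved
	From      string   // sender, who signs the hop
	To        string   // recipient
	Purpose   string   // what the recipient may use the data for
	Consent   string   // reference to the consent or legal terms relied on
	PrevHash  [32]byte // hash of the previous hop; zero for the first hop
	Signature []byte   // ed25519 signature by From over payload()
}

// payload is the signed content; fields are length-prefixed so boundaries are unambiguous.
func (h Hop) payload() []byte {
	var b bytes.Buffer
	for _, f := range []string{h.Subject, h.From, h.To, h.Purpose, h.Consent} {
		fmt.Fprintf(&b, "%d:%s|", len(f), f)
	}
	b.Write(h.PrevHash[:])
	return b.Bytes()
}

// Hash binds the next hop to this one, signature included.
func (h Hop) Hash() [32]byte {
	return sha256.Sum256(append(h.payload(), h.Signature...))
}

// Share appends a hop from -> to, signed by from. Only from's key can produce it,
// so from cannot later deny having passed the data on under these terms.
func Share(trace []Hop, subject string, from, to *Party, purpose, consent string) []Hop {
	h := Hop{Subject: subject, From: from.Name, To: to.Name, Purpose: purpose, Consent: consent}
	if n := len(trace); n > 0 {
		h.PrevHash = trace[n-1].Hash()
	}
	h.Signature = ed25519.Sign(from.priv, h.payload())
	return append(trace, h)
}

// Verify replays the trace as the consumer would: every hop must chain to the
// previous one, be signed by a known party, and come from a party that already
// held the data. It returns the sorted set of holders or names the failing hop.
func Verify(trace []Hop, dir map[string]ed25519.PublicKey, subject, origin string) ([]string, error) {
	holders := map[string]bool{origin: true}
	var prev [32]byte
	for i, h := range trace {
		switch {
		case h.Subject != subject:
			return nil, fmt.Errorf("hop %d: record is about %q, not %q", i, h.Subject, subject)
		case h.PrevHash != prev:
			return nil, fmt.Errorf("hop %d: does not chain to the previous hop", i)
		case !holders[h.From]:
			return nil, fmt.Errorf("hop %d: %s never received the data it is sharing", i, h.From)
		}
		pub, ok := dir[h.From]
		if !ok {
			return nil, fmt.Errorf("hop %d: unknown party %s", i, h.From)
		}
		if !ed25519.Verify(pub, h.payload(), h.Signature) {
			return nil, fmt.Errorf("hop %d: signature by %s does not match the record", i, h.From)
		}
		holders[h.To] = true
		prev = h.Hash()
	}
	out := make([]string, 0, len(holders))
	for p := range holders {
		out = append(out, p)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	bank, app, vendor, broker := NewParty("bank"), NewParty("budget-app"), NewParty("analytics"), NewParty("data-broker")
	dir := Directory(bank, app, vendor, broker)

	// Constructed scenario: alice's bank data goes to an app, which sends aggregates to a vendor.
	trace := Share(nil, "alice", bank, app, "budgeting", "consent-42")
	trace = Share(trace, "alice", app, vendor, "aggregate analytics", "consent-42 s.3")
	holders, err := Verify(trace, dir, "alice", "bank")
	fmt.Println("holders:", holders, "err:", err)

	// Editing a recorded purpose after the fact breaks the sender's signature on that hop.
	tampered := append([]Hop(nil), trace...)
	tampered[1].Purpose = "marketing"
	_, err = Verify(tampered, dir, "alice", "bank")
	fmt.Println("tampered:", err)

	// A broker that turns up holding the data cannot produce a hop showing how it got it.
	_, err = Verify(Share(trace, "alice", broker, vendor, "resale", "none"), dir, "alice", "bank")
	fmt.Println("unauthorised holder:", err)
}
```

The caveat matters as much as the mechanism: nothing here stops a vendor from copying the data to a broker off-record. What the signed chain gives the consumer is the covert-accountability property named in the abstract: every on-record transfer is attributable to the party that signed it, a recorded purpose cannot be rewritten without breaking that signature, and a party found holding the data without a hop that delivers it to them has no authorisation to point to, which is where the complementary legal mechanisms the paper discusses take over.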
Related papers
- Data Sharing, Privacy and Security Considerations in the Energy Sector: A Review from Technical Landscape to Regulatory Specifications [49.567747749614924]
Decarbonization, decentralization and digitalization are the three key elements driving the twin energy transition.
This paper conducts a comprehensive review of the data-related issues for the energy system by integrating both technical and regulatory dimensions.
We classify the issues into three categories: (i) data sharing among energy end users and stakeholders, (ii) privacy of end users, and (iii) cyber security.
arXiv Detail & Related papers (2025-03-05T14:23:56Z)
- Privacy-Preserving Customer Support: A Framework for Secure and Scalable Interactions [0.0]
This paper introduces the Privacy-Preserving Zero-Shot Learning (PP-ZSL) framework, a novel approach leveraging large language models (LLMs) in a zero-shot learning mode.
Unlike conventional machine learning methods, PP-ZSL eliminates the need for local training on sensitive data by utilizing pre-trained LLMs to generate responses directly.
The framework incorporates real-time data anonymization to redact or mask sensitive information, retrieval-augmented generation (RAG) for domain-specific query resolution, and robust post-processing to ensure compliance with regulatory standards.
arXiv Detail & Related papers (2024-12-10T17:20:47Z)
- Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency.
Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
arXiv Detail & Related papers (2024-12-07T20:18:36Z)
- Extensible Consent Management Architectures for Data Trusts [0.0]
This paper proposes a framework for consent management in Data Trusts.
Data can flow across a network through "role tunnels" established based on corresponding legal capacities.
arXiv Detail & Related papers (2023-09-28T18:28:50Z)
- Libertas: Privacy-Preserving Computation for Decentralised Personal Data Stores [19.54818218429241]
We propose a modular design for integrating Secure Multi-Party Computation with Solid.
Our architecture, Libertas, requires no protocol level changes in the underlying design of Solid.
We show how this can be combined with existing differential privacy techniques to also ensure output privacy.
arXiv Detail & Related papers (2023-09-28T12:07:40Z)
- Blockchain-empowered Federated Learning for Healthcare Metaverses: User-centric Incentive Mechanism with Optimal Data Freshness [66.3982155172418]
We first design a user-centric privacy-preserving framework based on decentralized Federated Learning (FL) for healthcare metaverses.
We then utilize Age of Information (AoI) as an effective data-freshness metric and propose an AoI-based contract theory model under Prospect Theory (PT) to motivate sensing data sharing.
arXiv Detail & Related papers (2023-07-29T12:54:03Z)
- Auditing and Generating Synthetic Data with Controllable Trust Trade-offs [54.262044436203965]
We introduce a holistic auditing framework that comprehensively evaluates synthetic datasets and AI models.
It focuses on preventing bias and discrimination, ensures fidelity to the source data, and assesses utility, robustness, and privacy preservation.
We demonstrate the framework's effectiveness by auditing various generative models across diverse use cases.
arXiv Detail & Related papers (2023-04-21T09:03:18Z)
- An Example of Privacy and Data Protection Best Practices for Biometrics Data Processing in Border Control: Lesson Learned from SMILE [0.9442139459221784]
Misuse of data, compromising the privacy of individuals, and/or authorized processing of data may be irreversible.
This is partly due to the lack of methods and guidance for the integration of data protection and privacy by design in the system development process.
We present an example of privacy and data protection best practices to provide more guidance for data controllers and developers.
arXiv Detail & Related papers (2022-01-10T15:34:43Z)
- Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data.
FL and related techniques are often described as privacy-preserving.
We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
arXiv Detail & Related papers (2021-12-21T08:44:05Z)
- A Proposal for Amending Privacy Regulations to Tackle the Challenges Stemming from Combining Data Sets [0.0]
We focus on some shortcomings in current data protection regulation's ability to adequately address the ramifications of AI-driven data processing practices.
We propose that privacy regulation rely less on individuals' privacy expectations and recommend regulatory reform in two directions.
arXiv Detail & Related papers (2021-11-26T03:30:11Z)
- Trustworthy Transparency by Design [57.67333075002697]
We propose a transparency framework for software design, incorporating research on user trust and experience.
Our framework enables developing software that incorporates transparency in its design.
arXiv Detail & Related papers (2021-03-19T12:34:01Z)
- An operational architecture for privacy-by-design in public service applications [0.26249027950824505]
We present an operational architecture for privacy-by-design based on independent regulatory oversight.
We briefly discuss the feasibility of implementing our architecture based on existing techniques.
arXiv Detail & Related papers (2020-06-08T14:57:29Z)
- Beyond privacy regulations: an ethical approach to data usage in transportation [64.86110095869176]
We describe how Federated Machine Learning can be applied to the transportation sector.
We see Federated Learning as a method that enables us to process privacy-sensitive data while respecting customers' privacy.
arXiv Detail & Related papers (2020-04-01T15:10:12Z)
This list is automatically generated from the titles and abstracts of the papers in this site.