Privacy in Real Life

  • German constitution (Grundgesetz) provides “informationelle Selbstbestimmung”
  • Datenschutzbeauftragte: Verfahrensbeschreibung, Datenschutzerklaerung

Privacy from a Computer Science perspective

data in a table

Privacy-Preserving Data Publishing

  • Quasi-Identifier (QID): town, institute, research field
  • Explicit Identifier: prename, surname, fingerprint, Rentenversicherungsnummer

subjective

  • Sensitive Attributes:
  • Non-sensitive Attributes:

explicit => loeschen quasi-identifier => anonymisiert

methods of anonymization

  • generalization along a given hierarchy
  • suppression remove characters

privacy model: k-anonymity & l-diversity

  • groups of size at least k
  • and at least l distinct values for the sensitive attributes within the groups

Remark: treat sensitive attributes as quasi-identifier

Privacy from Armin Gerl’s perspective

Users <-> Funding Institution <-> Data-Warehouse <-> Data Recipient

Goals:

  • Dem Benutzer die Moeglichkeit geben ueber die Datenschutzeinstellungen seines Datensatzes zu bestimmen.
  • Dadurch bestimmen die Benutzer kollektiv was das akzeptable Datenschutzlevel (Privacy Model, Anonymisieurungsmethode) ist.

Problem/Challenge:

  • calculation of the “optimal anonymization” in a data-warehouse scenario in which the data originates from different sources with (inherent) diverse privacy requirements.

Steps:

  1. privacy language to model privacy requirements
  2. find minimal common privacy requirement for several users
  3. OPT model utility of data fields
  4. return optimal anonymization

Layered Privacy Setup

Q & A

  • soft conditions/preference-SQL
  • data warehouse is single-point-of-failure
  • evaluation by performance (loss) on selected use cases
  • attack model