Divya Shanmugam,Samira Shabanian,Fernando Diaz,Michèle Finck,Asia Biega

DOI: https://doi.org/10.48550/arXiv.2107.08096

2022-06-13

Abstract:Modern machine learning systems are increasingly characterized by extensive personal data collection, despite the diminishing returns and increasing societal costs of such practices. Yet, data minimisation is one of the core data protection principles enshrined in the European Union's General Data Protection Regulation ('GDPR') and requires that only personal data that is adequate, relevant and limited to what is necessary is processed. However, the principle has seen limited adoption due to the lack of technical interpretation. In this work, we build on literature in machine learning and law to propose FIDO, a Framework for Inhibiting Data Overcollection. FIDO learns to limit data collection based on an interpretation of data minimization tied to system performance. Concretely, FIDO provides a data collection stopping criterion by iteratively updating an estimate of the performance curve, or the relationship between dataset size and performance, as data is acquired. FIDO estimates the performance curve via a piecewise power law technique that models distinct phases of an algorithm's performance throughout data collection separately. Empirical experiments show that the framework produces accurate performance curves and data collection stopping criteria across datasets and feature acquisition algorithms. We further demonstrate that many other families of curves systematically overestimate the return on additional data. Results and analysis from our investigation offer deeper insights into the relevant considerations when designing a data minimization framework, including the impacts of active feature acquisition on individual users and the feasability of user-specific data minimization. We conclude with practical recommendations for the implementation of data minimization.

Machine Learning,Computers and Society,Information Retrieval

Prakhar Ganesh,Cuong Tran,Reza Shokri,Ferdinando Fioretto

2024-05-30

Abstract:The principle of data minimization aims to reduce the amount of data collected, processed or retained to minimize the potential for misuse, unauthorized access, or data breaches. Rooted in privacy-by-design principles, data minimization has been endorsed by various global data protection regulations. However, its practical implementation remains a challenge due to the lack of a rigorous formulation. This paper addresses this gap and introduces an optimization framework for data minimization based on its legal definitions. It then adapts several optimization algorithms to perform data minimization and conducts a comprehensive evaluation in terms of their compliance with minimization objectives as well as their impact on user privacy. Our analysis underscores the mismatch between the privacy expectations of data minimization and the actual privacy benefits, emphasizing the need for approaches that account for multiple facets of real-world privacy risks.

Machine Learning,Artificial Intelligence

Thibaud Antignac,David Sands,Gerardo Schneider

DOI: https://doi.org/10.48550/arXiv.1611.05642

2016-11-17

Abstract:Data minimisation is a privacy-enhancing principle considered as one of the pillars of personal data regulations. This principle dictates that personal data collected should be no more than necessary for the specific purpose consented by the user. In this paper we study data minimisation from a programming language perspective. We assume that a given program embodies the purpose of data collection, and define a data minimiser as a pre-processor for the input which reduces the amount of information available to the program without compromising its functionality. In this context we study formal definitions of data minimisation, present different mechanisms and architectures to ensure data minimisation, and provide a procedure to synthesise a correct data minimiser for a given program.

Cryptography and Security

Paul De Hert,Juraj Sajfert

DOI: https://doi.org/10.2139/ssrn.4016491

2021-01-01

SSRN Electronic Journal

Abstract:The Law Enforcement Directive (EU) 2016/680 (LED) defines its basic principles, such as purpose limitation and data minimisation, differently than the General Data Protection Regulation (EU) 2016/679 (GDPR). This contribution is exploring the influence of those differences on new policing methods, in particular on the big data policing. After describing the data protection regulatory framework for law enforcement authorities in the EU, we explain our understanding of the notion of big data policing. We then critically interpret the purpose limitation and the data minimisation principle in the GDPR and the LED, thereby busting some myths about the LED, created by other academics. Finally, we explore the boundaries of the abovementioned basic LED principles, in an attempt to measure their success in finding the delicate balance between the high level of personal data protection and the contemporary law enforcement needs.

Thibaud Antignac,Daniel Le Métayer

DOI: https://doi.org/10.48550/arXiv.1408.1854

2014-08-08

Abstract:Privacy by design will become a legal obligation in the European Community if the Data Protection Regulation eventually gets adopted. However, taking into account privacy requirements in the design of a system is a challenging task. We propose an approach based on the specification of privacy architectures and focus on a key aspect of privacy, data minimisation, and its tension with integrity requirements. We illustrate our formal framework through a smart metering case study.

Cryptography and Security

Lilian Mitrou

DOI: https://doi.org/10.2139/ssrn.3386914

2018-01-01

SSRN Electronic Journal

Abstract:AI - in its interplay with Big Data, ambient intelligence, ubiquitous computing and cloud computing - augments the existing major, qualitative and quantitative, shift with regard to the processing of personal information. The questions that arise are of crucial importance both for the development of AI and the efficiency of data protection arsenal: Is the current legal framework AI-proof ? Are the data protection and privacy rules and principles adequate to deal with the challenges of AI or do we need to elaborate new principles to work alongside the advances of AI technology? Our research focuses on the assessment of GDPR that, however, does not specifically address AI, as the regulatory choice consisted more in what we perceive as “technology – independent legislation. The paper will give a critical overview and assessment of the provisions of GDPR that are relevant for the AI-environment, i.e. the scope of application, the legal grounds with emphasis on consent, the reach and applicability of data protection principles and the new (accountability) tools to enhance and ensure compliance.

Shizra Sultan,Christian D Jensen

DOI: https://doi.org/10.3390/s21093041

2021-04-26

Abstract:The amount of data generated in today's world has a fair share of personal information about individuals that helps data owners and data processors in providing them with personalized services. Different legal and regulatory obligations apply to all data owners collecting personal information, specifying they use it only for the agreed-upon purposes and in a transparent way to preserve privacy. However, it is difficult to achieve this in large-scale and distributed infrastructures as data is continuously changing its form, such as through aggregation with other sources or the generation of new transformed resources, resulting often in the loss or misinterpretation of the collection purpose. In order to preserve the authorized collection purposes, we propose data is added as a part of immutable and append-only resource metadata (provenance), to be retrieved by an access control mechanism when required for data-usage verification. This not only ensures purpose limitation in large-scale infrastructures but also provides transparency for individuals and auditing authorities to track how personal information is used.

Anna Popowicz-Pazdej

DOI: https://doi.org/10.69554/ilgy4235

2023-12-01

Abstract:Conflict between the right to privacy and data protection and the right to protect trade secrets must be regarded as more or less inevitable. The balancing of different rights is an issue of fundamental importance in data protection and privacy. Navigating the spectrum between the protection of technological development and the protection of fundamental rights is crucial to ensure safer implementation of generative AI tools. The proportionality principle serves as a globally recognised legal instrument to resolve the existing conflicts of fundamental rights. This poses the question of whether there is a need to reevaluate the balance between the disclosure of technical aspects and privacy and data protection rights and related obligations imposed on privacy engineers when developing generative AI tools. The concept of the proportionality principle, which is composed of the test of necessity, suitability and proportionality `sensu stricto`, can address the most vital tensions or interactions between these rights (especially when supported by the application of the appropriate legal framework). Therefore, this paper contributes not only to the discussion of a balanced approach when implementing AI tools, but also presents some general considerations for the global, regional and country-specific legal regulations (including different types of regulations and modes of enforcement when taking into account some technical aspects of the AI tools) within artificial intelligence that can support achieving this aim. To this end, this paper could be of value not only for lawmakers and developers of generative AI systems, but equally for practitioners, including law firms, to navigate the complex ethical and regulatory landscape in a thoughtful and cautious way.

Sandra Wachter,Brent Mittelstadt

DOI: https://doi.org/10.31228/osf.io/mu2kf

2018-10-12

Abstract:Big Data analytics and artificial intelligence (AI) draw non-intuitive and unverifiable inferences and predictions about the behaviors, preferences, and private lives of individuals. These inferences draw on highly diverse and feature-rich data of unpredictable value, and create new opportunities for discriminatory, biased, and invasive decision-making. Concerns about algorithmic accountability are often actually concerns about the way in which these technologies draw privacy invasive and non-verifiable inferences about us that we cannot predict, understand, or refute.Data protection law is meant to protect people’s privacy, identity, reputation, and autonomy, but is currently failing to protect data subjects from the novel risks of inferential analytics. The broad concept of personal data in Europe could be interpreted to include inferences, predictions, and assumptions that refer to or impact on an individual. If seen as personal data, individuals are granted numerous rights under data protection law. However, the legal status of inferences is heavily disputed in legal scholarship, and marked by inconsistencies and contradictions within and between the views of the Article 29 Working Party and the European Court of Justice.As we show in this paper, individuals are granted little control and oversight over how their personal data is used to draw inferences about them. Compared to other types of personal data, inferences are effectively ‘economy class’ personal data in the General Data Protection Regulation (GDPR). Data subjects’ rights to know about (Art 13-15), rectify (Art 16), delete (Art 17), object to (Art 21), or port (Art 20) personal data are significantly curtailed when it comes to inferences, often requiring a greater balance with controller’s interests (e.g. trade secrets, intellectual property) than would otherwise be the case. Similarly, the GDPR provides insufficient protection against sensitive inferences (Art 9) or remedies to challenge inferences or important decisions based on them (Art 22(3)).This situation is not accidental. In standing jurisprudence the European Court of Justice (ECJ; Bavarian Lager, YS. and M. and S., and Nowak) and the Advocate General (AG; YS. and M. and S. and Nowak) have consistently restricted the remit of data protection law to assessing the legitimacy of input personal data undergoing processing, and to rectify, block, or erase it. Critically, the ECJ has likewise made clear that data protection law is not intended to ensure the accuracy of decisions and decision-making processes involving personal data, or to make these processes fully transparent.Conflict looms on the horizon in Europe that will further weaken the protection afforded to data subjects against inferences. Current policy proposals addressing privacy protection (the ePrivacy Regulation and the EU Digital Content Directive) fail to close the GDPR’s accountability gaps concerning inferences. At the same time, the GDPR and Europe’s new Copyright Directive aim to facilitate data mining, knowledge discovery, and Big Data analytics by limiting data subjects’ rights over personal data. And lastly, the new Trades Secrets Directive provides extensive protection of commercial interests attached to the outputs of these processes (e.g. models, algorithms and inferences).In this paper we argue that a new data protection right, the ‘right to reasonable inferences’, is needed to help close the accountability gap currently posed ‘high risk inferences’ , meaning inferences that are privacy invasive or reputation damaging and have low verifiability in the sense of being predictive or opinion-based. In cases where algorithms draw ‘high risk inferences’ about individuals, this right would require ex-ante justification to be given by the data controller to establish whether an inference is reasonable. This disclosure would address (1) why certain data is a relevant basis to draw inferences; (2) why these inferences are relevant for the chosen processing purpose or type of automated decision; and (3) whether the data and methods used to draw the inferences are accurate and statistically reliable. The ex-ante justification is bolstered by an additional ex-post mechanism enabling unreasonable inferences to be challenged. A right to reasonable inferences must, however, be reconciled with EU jurisprudence and counterbalanced with IP and trade secrets law as well as freedom of expression and Article 16 of the EU Charter of Fundamental Rights: the freedom to conduct a business.

Asia J. Biega

DOI: https://doi.org/10.48550/arXiv.2309.00939

2023-09-02

Abstract:Reuse of data in new contexts beyond the purposes for which it was originally collected has contributed to technological innovation and reducing the consent burden on data subjects. One of the legal mechanisms that makes such reuse possible is purpose compatibility assessment. In this paper, I offer an in-depth analysis of this mechanism through a computational lens. I moreover consider what should qualify as repurposing apart from using data for a completely new task, and argue that typical purpose formulations are an impediment to meaningful repurposing. Overall, the paper positions compatibility assessment as a constructive practice beyond an ineffective standard.

Computers and Society

Robin Staab,Nikola Jovanović,Mislav Balunović,Martin Vechev

2023-11-22

Abstract:Aiming to train and deploy predictive models, organizations collect large amounts of detailed client data, risking the exposure of private information in the event of a breach. To mitigate this, policymakers increasingly demand compliance with the data minimization (DM) principle, restricting data collection to only that data which is relevant and necessary for the task. Despite regulatory pressure, the problem of deploying machine learning models that obey DM has so far received little attention. In this work, we address this challenge in a comprehensive manner. We propose a novel vertical DM (vDM) workflow based on data generalization, which by design ensures that no full-resolution client data is collected during training and deployment of models, benefiting client privacy by reducing the attack surface in case of a breach. We formalize and study the corresponding problem of finding generalizations that both maximize data utility and minimize empirical privacy risk, which we quantify by introducing a diverse set of policy-aligned adversarial scenarios. Finally, we propose a range of baseline vDM algorithms, as well as Privacy-aware Tree (PAT), an especially effective vDM algorithm that outperforms all baselines across several settings. We plan to release our code as a publicly available library, helping advance the standardization of DM for machine learning. Overall, we believe our work can help lay the foundation for further exploration and adoption of DM principles in real-world applications.

Machine Learning,Artificial Intelligence,Cryptography and Security

Rui-Jie Yew,Lucy Qin,Suresh Venkatasubramanian

2024-10-07

Abstract:Data forms the backbone of artificial intelligence (AI). Privacy and data protection laws thus have strong bearing on AI systems. Shielded by the rhetoric of compliance with data protection and privacy regulations, privacy-preserving techniques have enabled the extraction of more and new forms of data. We illustrate how the application of privacy-preserving techniques in the development of AI systems--from private set intersection as part of dataset curation to homomorphic encryption and federated learning as part of model computation--can further support surveillance infrastructure under the guise of regulatory permissibility. Finally, we propose technology and policy strategies to evaluate privacy-preserving techniques in light of the protections they actually confer. We conclude by highlighting the role that technologists could play in devising policies that combat surveillance AI technologies.

Computers and Society,Cryptography and Security

Mauritz Kop

DOI: https://doi.org/10.2139/ssrn.3653537

2020-01-01

SSRN Electronic Journal

Abstract:Europe is now at a crucial juncture in deciding how to deploy data driven technologies in ways that encourage democracy, prosperity and the well-being of European citizens. Normative preferences about how related technology laws ought to be designed should define sustainable exponential innovation policy. These preferences are dynamic and contextual. The upcoming European Data Act provides a major window of opportunity to change the story. In this respect, it is key that the European Commission takes firm action, removes overbearing policy and regulatory obstacles, strenuously harmonizes relevant legislation and provides concrete incentives and mechanisms for access, sharing and re-use of data. The article argues that to ensure an efficiently functioning European data-driven economy, a new and as yet unused term must be introduced to the field of AI & law: the right to process data for machine learning purposes. To make AI and machine learning thrive, we should critically re-examine the applicability and scope of intellectual property rights to data, including copyrights, sui generis database rights and trade secrets. The article demonstrates that exclusive de facto possession or control over machine learning input training, testing and validation datasets hinders healthy competition, a fair level playing field and rapid European innovation. The article rejects exclusive legal ownership rights over autonomously machine generated non-personal data, including AI made creations and inventions: this output belongs to the public domain. Machines do not need incentives, people need freedom of expression and businesses need freedom to operate. Synchronous to harmonized legislation, the social impact of digital transformation can be balanced and regulated by the architecture of digital systems. Embedding values in design should become a fundamental starting point of our data paradigm. Data has become a primary resource that should not be enclosed or commodified per se, but used for the common good. Commons based production and data for social good initiatives should be stimulated by the state. We need not to think in terms of exclusive, private property on data, but in terms of rights and freedoms to use, (modalities of) access, process and share data. If necessary and desirable for the progress of society, the state can implement new forms of property. Against this background the article explores normative justifications for open innovation, drawing inspiration from the works of canonical thinkers such as Locke, Marx, Kant and Hegel.Whether or not data as digital assets are ultimately admitted to the numerus clausus of legal objects i.e. acknowledged as subject matter eligible for private ownership, or whether other modalities and states of property are being developed, the article maintains that there should also be exceptions to (de facto, economic or legal) ownership claims on data that provide user rights and freedom to operate in the setting of AI model training.The article concludes that this exception is conceivable as a legal concept analogous to a quasi, imperfect usufruct in the form of a right to process data for machine learning purposes. A combination of usus and fructus (ius utendi et fruendi), not for land but for primary resource data. A right to process data that works within the context of AI and the Internet of Things (IoT), and that fits in the EU acquis communautaire. Such a right makes access, sharing and re-use of data possible, and helps to fulfil the European Strategy for Data’s desiderata.

Viktoras Justickis

DOI: https://doi.org/10.2478/bjlp-2020-0006

2020-06-01

Abstract:Abstract The role of balancing in the development and application of European data protection is enormous. European courts widely use it; it is the basis for harmonization of pan-European and national laws, plays a crucial role in everyday data protection. Therefore, the correctness of a huge number of critical decisions in the EU depends on the perfection of the balancing method. However, the real ability of the balancing method to cope with this mission has been subjected to intense criticism in the scientific literature. This criticism has highlighted its imperfections and casts doubt on its suitability to optimize the relation between competing rights. Paradoxically, the everyday practice of balancing tends to ignore this criticism. The limitations of the balancing method are typically not discussed and are not taken into account when considering legal cases and solving practical issues. Thus, it is tacitly assumed that the shortcomings and limitations of the balancing method, which the criticism points out, are irrelevant when making real-life decisions. This article discusses the scope of this phenomenon, its manifestations, and its impact on the quality of data protection decisions based on the balancing method:sub-optimality of these decisions, their opacity, public dissatisfaction with the legal regulation, its instability and low authority The ways of bridging the gap between the practice of balancing and science and broader consideration by the practice of the shortcomings of the balancing method identified during scientific discussions are considered.

Subhashis Banerjee

DOI: https://doi.org/10.48550/arXiv.1801.05313

2018-01-16

Computers and Society

Abstract:Privacy protection in digital databases does not demand that data should not be collected, stored or used, but that there should be guarantees that the data can only be used for pre-approved and legitimate purposes. We argue that a data protection law based on traditional understanding of privacy protection and detection of privacy infringements is unlikely to be successful, and that what is required is a law based on an understanding of the architectural requirements of authorisation, audit and access control in real-time. Despite the protection principles being sound, privacy protection in digital databases has been less than effective, anywhere, mainly because of weak enforcement methods.

Alison Cool

DOI: https://doi.org/10.1177/0306312719846557

2019-05-06

Social Studies of Science

Abstract:On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) came into force. EU citizens are granted more control over personal data while companies and organizations are charged with increased responsibility enshrined in broad principles like transparency and accountability. Given the scope of the regulation, which aims to harmonize data practices across 28 member states with different concerns about data collection, the GDPR has significant consequences for individuals in the EU and globally. While the GDPR is primarily intended to regulate tech companies, it also has important implications for data use in scientific research. Drawing on ethnographic fieldwork with researchers, lawyers and legal scholars in Sweden, I argue that the GDPR’s flexible accountability principle effectively encourages researchers to reflect on their ethical responsibility but can also become a source of anxiety and produce unexpected results. Many researchers I spoke with expressed profound uncertainty about ‘impossible’ legal requirements for research data use. Despite the availability of legal texts and interpretations, I suggest we should take researchers’ concerns about ‘unknowable’ data law seriously. Many researchers’ sense of legal ambiguity led them to rethink their data practices and themselves as ethical subjects through an orientation to what they imagined as the ‘real people behind the data’, variously formulated as a Swedish population desiring data use for social benefit or a transnational public eager for research results. The intentions attributed to people, populations and publics – whom researchers only encountered in the abstract form of data – lent ethical weight to various and sometimes conflicting decisions about data security and sharing. Ultimately, researchers’ anxieties about their inability to discern the desires of the ‘real people’ lent new appeal to solutions, however flawed, that promised to alleviate the ethical burden of personal data.

history & philosophy of science

Serge Abiteboul,Julia Stoyanovich

DOI: https://doi.org/10.48550/arXiv.1903.03683

2019-03-09

Abstract:The data revolution continues to transform every sector of science, industry and government. Due to the incredible impact of data-driven technology on society, we are becoming increasingly aware of the imperative to use data and algorithms responsibly -- in accordance with laws and ethical norms. In this article we discuss three recent regulatory frameworks: the European Union's General Data Protection Regulation (GDPR), the New York City Automated Decisions Systems (ADS) Law, and the Net Neutrality principle, that aim to protect the rights of individuals who are impacted by data collection and analysis. These frameworks are prominent examples of a global trend: Governments are starting to recognize the need to regulate data-driven algorithmic technology. Our goal in this paper is to bring these regulatory frameworks to the attention of the data management community, and to underscore the technical challenges they raise and which we, as a community, are well-equipped to address. The main take-away of this article is that legal and ethical norms cannot be incorporated into data-driven systems as an afterthought. Rather, we must think in terms of responsibility by design, viewing it as a systems requirement.

Databases,Computers and Society

Katarzyna Kolasa,W Ken Redekop,Alexander Berler,Vladimir Zah,Carl V Asche

DOI: https://doi.org/10.1007/s40273-020-00927-1

PharmacoEconomics

Abstract:The development of evidence to demonstrate 'value for money' is regarded as an important step in facilitating the search for the optimal allocation of limited resources and has become an essential component in healthcare decision making. Real-world evidence collected from de-identified individuals throughout the continuum of healthcare represents the most valuable source in technology evaluation. However, in the European Union, the value assessment based on real-world data has become challenging as individuals have recently been given the right to have their personal data erased in the case of consent withdrawal or when the data are regarded as being no longer necessary. This act may limit the usefulness of data in the future as it may introduce information bias. Among healthcare stakeholders, this has become an important topic of discussion because it relates to the importance of data on one side and to the need for personal data protection on the other side, especially when it comes to "personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveals information about his or her health status". At the forefront of these discussions are data protection issues as well as the population's trust in digital services. It seems that the new era has begun, where citizens and patients will have the ability to manage their personal or self-generated data. The European Commission has laid the groundwork for this paradigm shift that will steadily emerge in the coming years. To prepare for this change, we believe attention should be given to data security and other rules of data privacy. It has become increasingly important to ensure that individuals are properly introduced into complex environments with multiple sources of Big Data for clinical and behavioral purposes to provide an optimal balance between societal and individual benefits. In this article, a number of issues are considered and discussed, based upon the authors' experience, with the aim of helping the reader better understand the implications of the use of Big Data and the importance of data protection in the coming years.

Kaori Ishii

DOI: https://doi.org/10.1007/s00146-017-0758-8

2017-08-31

Abstract:This paper undertakes a comparative legal study to analyze the challenges of privacy and personal data protection posed by Artificial Intelligence (“AI”) embedded in Robots, and to offer policy suggestions. After identifying the benefits from various AI usages and the risks posed by AI-related technologies, I then analyze legal frameworks and relevant discussions in the EU, USA, Canada, and Japan, and further consider the efforts of Privacy by Design (“PbD”) originating in Ontario, Canada. While various AI usages provide great convenience, many issues, including profiling, discriminatory decisions, lack of transparency, and impeding consent, have emerged. The unpredictability arising from the AI machine learning function poses further difficulties, which have only been partially addressed by legal frameworks in the aforementioned jurisdictions. However, analyzing the relevant discussions yielded several suggestions. The first priority is adopting PbD as the most flexible, soft-legal, and preferable approach toward AI-oriented issues. Implementing PbD will protect individual privacy and personal data without specific efforts, and achieve both the development of AI and the advancement of privacy and personal data protection. Technical measures that can adapt to an individual’s dynamic choices according to the “context” should be further developed. Furthermore, alternative technical measures, including those to solve the “algorithmic black box” or achieve differential privacy, warrant thorough examination. If AI surpasses human intelligence, a terminating function, such as a “kill switch” will be the last resort to preserve individual choice. Despite numerous difficulties, we must prepare for the coming AI-prevalent society by taking a flexible approach.

Luis Enriquez

2024-11-06

Abstract:What if the main data protection vulnerability is risk management? Data Protection merges three disciplines: data protection law, information security, and risk management. Nonetheless, very little research has been made on the field of data protection risk management, where subjectivity and superficiality are the dominant state of the art. Since the GDPR tells you what to do, but not how to do it, the solution for approaching GDPR compliance is still a gray zone, where the trend is using the rule of thumb. Considering that the most important goal of risk management is to reduce uncertainty in order to take informed decisions, risk management for the protection of the rights and freedoms of the data subjects cannot be disconnected from the impact materialization that data controllers and processors need to assess. This paper proposes a quantitative approach to data protection risk-based compliance from a data controllers perspective, with the aim of proposing a mindset change, where data protection impact assessments can be improved by using data protection analytics, quantitative risk analysis, and calibrating expert opinions.

Risk Management,Machine Learning