privacy-preserving data analytics via neural network models · nowadays, the current european...

Eleonora Ciceri ([email protected]), Marco Mosconi ([email protected]) Single data owner Multiple data owners Problem statement Data analytics can provide valuable knowledge to companies that leverage collected data to derive relevant information. However, processed data are often highly sensitive and thus their disclosure may harm individuals' privacy. Nowadays, the current European General Data Protection Regulation (GDPR) represents a major challenge for companies, as they are required to follow a privacy-by-design approach to protect data and yet allow their processing. The data controller needs to extract data analytics from his sensitive data in a privacy-preserving manner, thus he applies adequate protection (e.g., encryption) beforehand, and then outsources the task to a third-party data processor (e.g., the PAPAYA platform). Advantages: - data subjects' privacy is preserved - the computational burden is on the data processors Multiple data controllers would like to perform analytical tasks over their combined datasets, disclosing the extracted analytics and keeping protected their original datasets. Thus, each controller protects his dataset (e.g., via encryption) before outsourcing it for analytics extraction. Advantages: - data subjects' privacy is preserved - better models are built on larger datasets Applications in the healthcare field Use case: ECG analysis Use case: Stress management PAPAYA and the General Data Protection Regulation Advances in technology and the capability of big data analytics and artificial intelligence have made it easier to create profiles and make automated decisions. Article 29 Data Protection Working Party, on its "Guidelines on Automated Individual decision-making and Profiling", reports that "profiling and automated decision-making can pose significant risks for individuals' rights and freedoms which require appropriate safeguards". How PAPAYA addresses the challenge Explicit consent Data subjects have the ability to give or withdraw consent Security measures PETs are employed to extract analytics from subjects' data Transparency Data subjects can visualize the disclosed data and their rights Auditability Data controllers can visualize audit logs and handle DPIA Privacy-preserving data analytics via neural network models Proposed solution We developed dedicated privacy-preserving data analytics modules able to extract analytics on protected data, via the application of artificial intelligence. This approach ensures data subjects' privacy while still being cost-effective and accurate. trusted untrusted trusted untrusted trusted The research leading to these results has received funding from the European Union’s Horizon 2020 Research and Innovation Programme, through the PAPAYA project, under Grant Agreement No. 786767. This poster reflects the view of the consortium only. The Research Executive Agency is not responsible for any use that may be made of the information it contains.

Upload: others

Post on 09-Jan-2020

1 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Privacy-preserving data analytics via neural network models · Nowadays, the current European General Data Protection Regulation (GDPR) represents a major challenge for companies,

Eleonora Ciceri ([email protected]), Marco Mosconi ([email protected])

Single data owner Multiple data owners

Problem statement

Data analytics can provide valuable knowledge to companies that leverage collected data to derive relevant information. However, processed data are often highly sensitive and thus their disclosure may harm individuals' privacy.Nowadays, the current European General Data Protection Regulation (GDPR) represents a major challenge for companies, as they are required to follow a privacy-by-design approach to protect data and yet allow their processing.

The data controller needs to extract data analytics from his sensitive data in a privacy-preserving manner, thus he applies adequate protection (e.g., encryption) beforehand, and then outsources the task to a third-party data processor (e.g., the PAPAYA platform).

Advantages: - data subjects' privacy is preserved - the computational burden is on the data processors

Multiple data controllers would like to perform analytical tasks over their combined datasets, disclosing the extracted analytics and keeping protected their original datasets. Thus, each controller protects his dataset (e.g., via encryption) before outsourcing it for analytics extraction.

Advantages:- data subjects' privacy is preserved- better models are built on larger datasets

Applications in the healthcare field

Use case: ECG analysis Use case: Stress management

PAPAYA and the General Data Protection Regulation

Advances in technology and the capability of big data analytics and artificial intelligence have made it easier to create profiles and make automated decisions. Article 29 Data Protection Working Party, on its "Guidelines on Automated Individual decision-making and Profiling", reports that "profiling and automated decision-making can pose significant risks for individuals' rights and freedoms which require appropriate safeguards".

How PAPAYA addresses the challenge

Explicit consentData subjects have the ability to give or withdraw consent

Security measuresPETs are employed to extract analytics from subjects' data

TransparencyData subjects can visualize the disclosed data and their rights

AuditabilityData controllers can visualize audit logs and handle DPIA

Privacy-preserving data analytics via neural network models

Proposed solution

We developed dedicated privacy-preserving data analytics modules able to extract analytics on protected data, via the application of artificial intelligence. This approach ensures data subjects' privacy while still being cost-effective and accurate.

trusted

untrustedtrusted

untrusted

trusted

The research leading to these results has received funding from the European Union’s Horizon 2020 Research and Innovation Programme, through the PAPAYA project, under Grant Agreement No.

786767. This poster reflects the view of the consortium only. The Research Executive Agency is not responsible for any use that may be made of the information it contains.

Data Protection Directive And Gdpr - cacollege.co.za

The GDPR and genomic data

ARIS Data protection (GDPR)

General Data Protection Regulation (GDPR) Privacy and Data

INMOTION HOSTING GDPR DATA PROCESSING ADDENDUM …

EU GDPR as a Catalyst for Effective Data Governance and ... › ... › gdpr-white-paper.pdf · 8 WHITE PAPER / EU GDPR as a Catalyst for Effective Data Governance and Monetizing

DATA PROTECTION IN THE WAKE OF THE GDPR: CALIFORNIA’S ... · 2019] DATA PROTECTION IN THE WAKE OF THE GDPR 103 I. THE GDPR AND THE CCPA A. THE EUROPEAN UNION GENERAL DATA PROTECTION

Summary of General Data Regulation & Actions Data Services GDPR... · 2018-01-30 · Step 9 – Data breaches GDPR change: The GDPR widens the number of businesses obliged to notify

GDPR European General Data Protection Regulation (GDPR) · 2016-11-14 · European General Data Protection Regulation (GDPR) Webcast mit Sophos – 26.02.2016 2 • „European Directive“

Cross-Border Data Flows, the GDPR, and Data Governance

EU GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR ... · EU GDPR DPA v1.1 EU GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CLOUDFLARE CUSTOMERS WHO SHOULD EXECUTE THIS DPA: If you

Fintan Swanton GDPR Data