Personal Big Data, GDPR and Anonymization

Domingo-Ferrer, Josep

doi:10.1007/978-3-030-27629-4_2

Josep Domingo-Ferrer¹⁴

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 11529))

Included in the following conference series:

International Conference on Flexible Query Answering Systems

1072 Accesses
4 Citations

Abstract

Big data are analyzed to reveal patterns, trends and associations, especially relating to human behavior and interactions. However, according to the European General Data Protection Regulation (GDPR), which is becoming a de facto global data protection standard, any intended uses of personally identifiable information (PII) must be clearly specified and explicitly accepted by the data subjects. Furthermore, PII cannot be accumulated for secondary use. Thus, can exploratory data uses on PII be GDPR-compliant? Hardly so.

Resorting to anonymized data sets instead of PII is a natural way around, for anonymized data fall outside the scope of GDPR. The problem is that anonymization techniques, based on statistical disclosure control and privacy models, use algorithms and assumptions from the time of small data that must be thoroughly revised, updated or even replaced to deal with big data.

Upgrading big data anonymization to address the previous challenge needs to empower users (by giving them useful anonymized data), subjects (by giving them control on anonymization) and controllers (by simplifying anonymization and making it more flexible).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

D’Acquisto, G., Domingo-Ferrer, J., Kikiras, P., Torra, V., de Montjoye, Y.-A., Bourka, A.: Privacy by design in big data – an overview of privacy enhancing technologies in the era of big data analytics. European Union Agency for Network and Information Security (ENISA) (2015)
Google Scholar
Barbaro, M., Zeller, T.: A face is exposed for AOL searcher no. 4417749. New York Times (2006)
Google Scholar
Danezis, G., et al.: Privacy and data protection by design – from policy to engineering. European Union Agency for Network and Information Security (ENISA) (2015)
Google Scholar
Duhigg, C.: How companies learn your secrets. New York Times Mag. (2012)
Google Scholar
General Data Protection Regulation. Regulation (EU) 2016/679. https://gdpr-info.eu
General Data Protection Regulation (GDPR). Google cloud whitepaper, May 2018
Google Scholar
Lomas, N.: Facebook urged to maked GDPR its “baseline standard” globally. Techcrunch, 9 April 2018
Google Scholar
Ma, A.: China has started ranking citizens with a creepy ‘social credit’ system - here’s what you can do wrong, and the embarrassing, demeaning ways they can punish you. Business Insider, 8 April 2018
Google Scholar
Rogaway, P.: The moral character of cryptographic work. Invited talk at Asiacrypt 2015. http://web.cs.ucdavis.edu/~rogaway/papers/moral.pdf
Solon, O.: ‘Data is a fingerprint’: why you aren’t as anonymous as you think online. The Guardian (2018)
Google Scholar
Soria-Comas, J., Domingo-Ferrer, J.: Big data privacy: challenges to privacy principles and models. Data Sci. Eng. 1(1), 21–28 (2015)
Article Google Scholar
Sweeney, L.: Simple demographics often identify people uniquely. Carnegie Mellon University, Data privacy work paper 3, Pittsburgh (2000)
Google Scholar
Yu, S.: Big privacy: challenges and opportunitiesof privacy study in the age of big data. IEEE Access 4, 2751–2763 (2016)
Article Google Scholar

Download references

Acknowledgment and Disclaimer

Partial support to this work has been received from the European Commission (project H2020-700540 “CANVAS”), the Government of Catalonia (ICREA Acadèmia Prize to J. Domingo-Ferrer and grant 2017 SGR 705), and from the Spanish Government (project RTI2018-095094-B-C21). The author is with the UNESCO Chair in Data Privacy, but the views in this paper are his own and are not necessarily shared by UNESCO.

Author information

Authors and Affiliations

Department of Computer Science and Mathematics, CYBERCAT-Center for Cybersecurity Research of Catalonia, UNESCO Chair in Data Privacy, Universitat Rovira i Virgili, Av. Països Catalans 26, 43007, Tarragona, Catalonia, Spain
Josep Domingo-Ferrer

Authors

Josep Domingo-Ferrer
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Josep Domingo-Ferrer .

Editor information

Editors and Affiliations

University of Calabria, Rende, Italy
Alfredo Cuzzocrea
University of Calabria, Rende, Italy
Sergio Greco
Legind Technologies , Esbjerg , Denmark
Henrik Legind Larsen
University of Calabria, Rende, Italy
Domenico Saccà
Roskilde University, Roskilde, Denmark
Troels Andreasen
Roskilde University, Roskilde, Denmark
Henning Christiansen

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Domingo-Ferrer, J. (2019). Personal Big Data, GDPR and Anonymization. In: Cuzzocrea, A., Greco, S., Larsen, H., Saccà, D., Andreasen, T., Christiansen, H. (eds) Flexible Query Answering Systems. FQAS 2019. Lecture Notes in Computer Science(), vol 11529. Springer, Cham. https://doi.org/10.1007/978-3-030-27629-4_2

Download citation

DOI: https://doi.org/10.1007/978-3-030-27629-4_2
Published: 12 September 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-27628-7
Online ISBN: 978-3-030-27629-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics