Privacy by design & privacy-enhancing technologies

Understanding GDPR

Shalini Kurapati, CIPP/E

Co-founder and CEO, Clearbox AI

Overview

  • Privacy by design
    • A proactive systems approach to privacy
  • Crux of Article 25 - GDPR
  • Privacy Enhancing Technologies (PETs)
  • Emerging PETs

Data protection by design and by default

By design

A person's hand drawing some processes on a paper.

  • Pro-active systems approach
  • Privacy embedded in processes and systems

By default

Illustration of multiple icons representing settings.

  • Privacy-first default settings, data minimization
  • Both may seem high-level and abstract, but there are ways to implement them.

Privacy-enhancing technologies

What are PETs?

  • Software and hardware solutions, processes, methods, or knowledge to preserve privacy or avoid privacy risks

Commonly used PETs:

  • Anonymization and pseudonymization
  • Encryption
  • Differential privacy (recent)

State-of-the-art/emerging technologies:

  • Synthetic data, federated learning

Synthetic data

  • Artificially generated data
  • Retains the statistical and predictive power of real data while preserving privacy

    An illustration of a typical synthetic data generation process.

1 https://www.jpmorgan.com/synthetic-data

Synthetic data use cases

  • Privacy preservation and data quality augmentation
  • Open innovation projects, AI model testing, data sandboxes, and data sharing across organizations
1 https://www.gartner.com/en/newsroom/press-releases/2022-08-22-gartner-data-analytics-summit-2022-orlando-day-1-highlights

Federated learning

Illustration of the federated learning process.

  • Usually, data needs to 'leave' for external servers to train AI models, which is not privacy-safe
  • Federated Learning trains models over remote devices while keeping the data localized
  • Model transfer instead of data transfer
1 P. Kairouz et al., Advances and Open Problems in Federated Learning, Foundations and Trends in Machine Learning Vol 4 Issue 1, 2021.
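
Added example (not part of the original slides): a minimal federated averaging loop showing "model transfer instead of data transfer". The client datasets, the one-dimensional linear model and all function names are constructed for illustration.

```python
# Added illustration: federated averaging (FedAvg) on a 1-D linear model y = w*x + b.
# Client datasets are constructed sample data; raw records never leave a client.
import random

def make_client_data(n, seed):
    """Constructed local dataset drawn from y = 3x + 1 plus small noise."""
    rng = random.Random(seed)
    xs = [rng.uniform(-1, 1) for _ in range(n)]
    return [(x, 3.0 * x + 1.0 + rng.gauss(0, 0.05)) for x in xs]

def local_update(model, data, lr=0.1, epochs=5):
    """Runs on the device: a few epochs of gradient descent on local data only."""
    w, b = model
    for _ in range(epochs):
        gw = sum(2 * (w * x + b - y) * x for x, y in data) / len(data)
        gb = sum(2 * (w * x + b - y) for x, y in data) / len(data)
        w, b = w - lr * gw, b - lr * gb
    return (w, b), len(data)  # only parameters and a sample count are uploaded

def aggregate(updates):
    """Runs on the server: average of client models weighted by sample count."""
    total = sum(n for _, n in updates)
    w = sum(m[0] * n for m, n in updates) / total
    b = sum(m[1] * n for m, n in updates) / total
    return (w, b)

def federated_train(clients, rounds=50):
    """Each round: send the global model out, collect local updates, average them."""
    model = (0.0, 0.0)
    for _ in range(rounds):
        updates = [local_update(model, data) for data in clients]
        model = aggregate(updates)
    return model

# Three constructed clients holding 20, 50 and 80 local records.
CLIENTS = [make_client_data(n, seed) for seed, n in enumerate([20, 50, 80])]

if __name__ == "__main__":
    w, b = federated_train(CLIENTS)
    print(f"global model: w={w:.2f}, b={b:.2f}")
```

The server only ever receives `(w, b)` and a record count from each client. Model updates can still leak information about local data, which is why federated learning is often combined with differential privacy or secure aggregation.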

Federated learning example

Illustration of the federated learning example of next word predictor algorithm trained across several mobile phones.

1 Li, T., Sahu, A. K., Talwalkar, A., & Smith, V. (2020). Federated learning: Challenges, methods, and future directions. IEEE Signal Processing Magazine, 37(3), 50-60.

Before you go

  • There is no perfect privacy method or technology
  • Think about scope and context
  • Proportionality: risk vs benefit
  • Suitable measures based on the risk-benefit analysis

Let's practice!
