The following presentation was given at the workshop "From data protection and privacy to fairness and trust: the way forward" co-organized by e-SIDES at EBDVF 2018 in Vienna on November 14, 2018. The workshop, chaired by Jean-Christophe Pazzaglia (SAP - BDVe) and Richard Stevens (IDC - e-SIDES), included a panel discussion with representatives from the PAPAYA, SPECIAL and MyHealthMyData projects.
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018
1. From data protection and privacy to fairness and trust: the way forward
Best practices and lessons from the Big Data Value PPP
November 14, 2018, 10.30-12.30
Room 62.01.048 – 70 PAX theater
Siemens Conference Center, Vienna
Tweet your views: #EBDVF_Privacy
2. Workshop Agenda
10.30 Welcome and introduction
Jean-Christophe Pazzaglia (SAP, BDVe), Richard Stevens (IDC, e-SIDES)
10.45 The Big Data Value Association perspective:
Zoltan Mann (Paluno, BDVA TF6.SG4)
11.00 Mentimeter voting
Richard Stevens (IDC, e-SIDES)
11.05 Panel for discussion and Q&A
Moderator: Richard Stevens (IDC, e-SIDES)
12.05 Mentimeter results
Richard Stevens (IDC, e-SIDES)
12.15 Wrap-up and key messages
Jean-Christophe Pazzaglia (SAP, BDVe), Richard Stevens (IDC, e-SIDES)
12.30 End of session
3. Privacy workshop … again?
EBDVF 2017
• Towards privacy-preserving big data
• How can existing data technologies help to overcome existing data protection challenges and avoid privacy abuses?
Meetup 2018
• How to innovate in a GDPR world?
• How to experiment while anticipating problems and paving the way to productization?
EBDVF 2018
• From data protection and privacy to fairness and trust: the way forward
• Best practices and lessons from the Big Data Value PPP
4. What do we want to achieve?
Off Topic | On Topic
5. From data protection and privacy to fairness and trust: the way forward
The Big Data Value Association (BDVA) perspective
Zoltan Mann
paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen
Vienna, 14 November 2018
6. Agenda
• Data protection and the BDVA
• Insights from the Strategic Research and Innovation Agenda (SRIA)
7. The Big Data Value Association (BDVA)
• Industry-driven international not-for-profit organization with 200 members all over Europe
• Private counterpart to the EU Commission to implement the Big Data Value PPP program
• Vision: positioning Europe as the world leader in the creation of Big Data Value
• Mission: develop the Innovation Ecosystem that will enable the data- and AI-driven digital transformation in Europe, delivering maximum economic and societal benefit, and achieving and sustaining Europe's leadership in Big Data Value creation and Artificial Intelligence
8. Data protection @ BDVA
• Big data – big risks
• Task Force 6 (Technical)
• TF6.SG4 (Data Protection and Pseudonymisation Mechanisms)
  • Closely linked to other technical and non-technical areas
  • Combines providers and users of data protection solutions
• Activities and (aspired) outputs:
  • Knowledge sharing and networking
  • Thought leadership: Strategic Research and Innovation Agenda (SRIA), whitepaper, etc.
9. Agenda
• Data protection and the BDVA
• Insights from the Strategic Research and Innovation Agenda (SRIA)
10. SRIA v4.1
• Major update on data protection
• Section 3.5: Priority "Data Protection"
• Will be available from the BDVA website (http://www.bdva.eu/)
• Sneak preview
11. Challenges (1/2)
• Simple pseudonymisation approaches insufficient to guarantee privacy
• Privacy guarantees vs. data utility (for analysis, learning, etc.)
• Easy-to-use and enforceable data protection approaches needed
  • Conforming to current legislation, such as the GDPR, and applicable policies
  • Providing the means to define the purpose of information gathering and sharing
  • Controlling the granularity at which data is shared with third parties
  • Enforcing that the data are only used for the defined purposes
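The first challenge notes that simple pseudonymisation cannot guarantee privacy on its own. As a minimal illustration (not from the slides; the function name, key, and identifier format are invustrative assumptions), a keyed pseudonym replaces direct identifiers while keeping records linkable, yet the remaining quasi-identifiers in the data can still enable re-identification, which is why stronger techniques are needed:

```python
import hashlib
import hmac

def pseudonymise(identifier, key):
    """Keyed pseudonym via HMAC-SHA256, truncated for readability.

    Deterministic, so records about the same person remain linkable
    for analytics, yet without the key the mapping cannot be recomputed.
    An unkeyed hash would be vulnerable to dictionary attacks on
    low-entropy identifiers such as patient or national ID numbers.
    """
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]

# The key is held only by the data controller.
key = b"held-by-data-controller-only"
p1 = pseudonymise("patient-12345", key)
p2 = pseudonymise("patient-12345", key)
assert p1 == p2  # stable linkage across datasets
```

Note that even with the identifier replaced, attributes such as age, postcode, and diagnosis may single a person out, motivating the anonymisation and encryption techniques discussed later.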
12. Challenges (2/2)
• Support for the full data lifecycle (data-in-motion, data-at-rest, data-in-use)
• Data analytics methods to cope with encrypted or anonymised data
• Scalability and performance impact
• Handling different data types and co-existing data types (e.g., relational data together with non-structured data)
• Assessment, communication, and mitigation of risks
  • Also online, automatically
• Complex and dynamic environments, like cloud and fog computing
• Combining different techniques
  • Technical and organizational
  • Adaptive, optimized application of techniques
13. Techniques
• Encryption and encrypted data processing techniques
  • Multiparty computation and data mining, homomorphic encryption, functional encryption, searchable encryption
• Anonymization, pseudonymization, data minimization
• Distributed trust technologies such as blockchain
• Differential privacy
• Secure hardware enclaves
• Access control
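Of the techniques listed, differential privacy is the easiest to sketch compactly. The following toy example (the function name and dataset are our assumptions, not from the slides) adds Laplace noise to a counting query so that any single individual's presence barely changes the published answer:

```python
import math
import random

def dp_count(values, predicate, epsilon):
    """Differentially private count: the true count plus Laplace noise.

    A counting query has sensitivity 1, so the Laplace scale is
    1/epsilon; smaller epsilon means stronger privacy but a noisier answer.
    """
    true_count = sum(1 for v in values if predicate(v))
    # Sample Laplace(0, 1/epsilon) noise via the inverse-CDF method.
    u = random.random() - 0.5
    noise = -(1.0 / epsilon) * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))
    return true_count + noise

# Example: a noisy answer to "how many records have age >= 40?"
ages = [34, 45, 29, 61, 52, 38]
noisy_count = dp_count(ages, lambda a: a >= 40, epsilon=0.5)
```

This also makes the "privacy guarantees vs. data utility" trade-off from slide 11 concrete: epsilon is exactly the knob that trades one against the other.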
14. EU projects
• Projects addressing data protection within the BDV PPP
  • MyHealthMyData
  • SODA
  • e-SIDES
  • SPECIAL
• Many other relevant projects, e.g.:
  • PAPAYA
  • PoSeID-on
  • RestAssured
  • PDP4E
  • DEFeND
  • SMOOTH
  • BPR4GDPR
15. AI and data protection
• Data for AI and data by AI
• How does data protection apply to AI?
  • Technically?
  • Legally?
  • Ethically?
• Explainable data protection?
20. PAPAYA: Technology "as" part of the Solution in DaaS contexts
What to protect?
• Data (health data, web browsing, customer habits, identity, etc.)
• Query
• Model
From whom to protect?
• Cloud server
• Querier
• Data collector
(Different settings: single data owner, collaborative analytics, multiple data sources…)
How to protect?
• Integrated platform with privacy-preserving analytics modules (cryptographic techniques: HE, SMC, differential privacy)
• User control of data disclosure: transparency, awareness, and preferences for data subjects
• Dedicated cryptographic constructions: privacy with efficiency
• Dedicated data analytics: privacy with accuracy
• User privacy dashboard: privacy with transparency
21. Addressing GDPR conditions of transparent information + legally valid consent
Get away from endlessly long ToS and privacy policies! Strive for clear information and give users more control.
Examples of realization approaches:
• Layered approach for technical settings during app installation on a mobile device
• Dynamic consent management that lifts the burden of 'consent fatigue' and allows enrichment of profiles over time and in the context of service usage
22. Position statement
European Big Data Value Forum – Vienna, 13 November 2018
What are the main hurdles in implementing privacy-preserving technologies beyond the research domain, and how can we overcome these hurdles?
Aspects related to hurdles and aids:
Legal/ethical aspects
• Privacy-by-design
• Sensitive data
• Inferred data
• Liability and ethical responsibility
  o Data breaches
  o Competition law
  o Regional differences
Societal/economic aspects
• Costs and benefits
• Business models
• Public attention
• Economic value
• Cultural fit
• Skill level
23. Economic logic & business models for privacy-preserving technologies
Privacy attitudes
• Access to data, dynamic consent, AI and analytics, post-GDPR opportunities
Demand and supply side
• Shifting markets
• Demand: internal & external data flows
• Supply: startups for tooling and PETs
Privacy from the start and PbD
• As an afterthought (compliance-based)
Interaction between PETs and DDBM
• Privacy Enhancing Technologies (PETs)
• Data-Driven Business Models (DDBM)
Cryptographic techniques: homomorphic encryption (HE), secure multi-party computation (SMC), secure data aggregation, leakage study.
Examples of data analytics tasks: computing statistics (sum, average, mean, standard deviation…), training a machine learning model, or using a trained model for classification (neural networks). These map to: privacy-preserving data aggregation and statistics (the HE family, incl. LHE and partially HE, plus secret-sharing techniques); privacy-preserving machine learning (e.g., regression and deep learning) via SMC, HE, and differential privacy; techniques for privacy-preserving analytics with ML/NN (HE and/or SMC); deep learning (differential privacy in learning, SMC and/or HE in classification); and (server-aided) SMC for connected devices.
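The secret-sharing techniques mentioned above are the building block for privacy-preserving aggregation across several data owners. As a hedged sketch (the function names, toy modulus, and hospital scenario are our assumptions, not PAPAYA's actual design), additive secret sharing lets parties compute a joint sum without any of them revealing an individual input:

```python
import random

PRIME = 2**61 - 1  # modulus; all share arithmetic happens in this field

def share(secret, n_parties):
    """Split a value into n additive shares that sum to it modulo PRIME.

    Any subset of fewer than n shares is uniformly random, so no single
    party (or the aggregator holding one share per owner) learns the input.
    """
    shares = [random.randrange(PRIME) for _ in range(n_parties - 1)]
    shares.append((secret - sum(shares)) % PRIME)
    return shares

def reconstruct(shares):
    """Recombine shares; only the sum of all shares reveals the value."""
    return sum(shares) % PRIME

# Three data owners (e.g. hospitals) each share a private count; the
# aggregator adds the shares position-wise and reconstructs only the total.
counts = [120, 87, 203]
all_shares = [share(c, 3) for c in counts]
summed = [sum(col) % PRIME for col in zip(*all_shares)]
total = reconstruct(summed)  # 410; no individual count is revealed
```

Because addition commutes with sharing, the same pattern extends to the averages and linear steps inside regression, which is why SMC appears throughout the analytics list above.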
Addressing the privacy concerns that arise when data analytics tasks are performed by untrusted third-party data processors. PAPAYA specifically addresses privacy threats in big data analytics (BDA): offering individuals preserved privacy and data protection while retaining the possibility to gain deeper insights from personal data through analytics ("positive sum").
Objectives
• Privacy by design
• Privacy-preserving analytics modules
  • Sum, average, …
  • Regression, neural networks, …
• Different settings
  • Single data owner
  • Collaborative data analytics
• Integrated platform
  • Interoperability among modules
• User control of data disclosure
The PAPAYA project will provide a dedicated platform for privacy-preserving data analytics operations. This platform will offer different privacy-preserving analytics modules that entities such as companies or hospitals can use to perform analytics on the data they collect from end users, preserving the users' privacy while still allowing valuable information to be inferred from the analysed data. Performance will be carefully considered as a prerequisite for the platform operations. During the design and implementation of these new privacy-preserving analytics modules, we will minimize the impact on the accuracy of the analytics tasks. Moreover, since some usage scenarios involve several data owners that may combine their data into a joint dataset, such as the collaborative scenario (US2) and the third-party querier case (US4), the platform will support communication between parties in a way that preserves the privacy of each party's data. Additionally, the PAPAYA platform will also make available the privacy-preserving primitives used by the newly developed analytics modules; this can be useful for developers who wish to build new privacy-preserving data analytics modules.
In addition, the PAPAYA platform will provide a control and visualization mechanism, based on a dashboard, that will enable end users to decide what data to disclose and what data to protect. Via this dashboard, users will also be shown what data are disclosed and, where relevant, with which protection. The dashboard will furthermore provide administration options for the platform users.
Finally, the PAPAYA platform will generate tamper-proof auditable accounts of data collection and analytics on the platform. This will enable platform users to control and, when needed, verify the flow of operations performed by the PAPAYA components (such as disclosed data, analysed data, etc.), and hence increase trust in PAPAYA. The audit account will be generated and presented through PAPAYA's dashboard.