The University of Southampton
University of Southampton Institutional Repository

Dealing with privacy risk: solutions to data sharing under the GDPR for data controllers

Dealing with privacy risk: solutions to data sharing under the GDPR for data controllers
Dealing with privacy risk: solutions to data sharing under the GDPR for data controllers
Personal data are increasingly needed to improve scientific research and decision making in several contexts. However, when collecting or processing data refers to individual respondents, privacy-preserving techniques must be implemented to sanitise or protect the data and guarantee the fundamental right to privacy of data subjects. The growing demand for consistent and comprehensive protection of personal data leads to the adoption of the new General Data Protection Regulation (GDPR).

In this thesis, we investigate privacy risk and data sharing solutions under the GDPR, providing data controllers with some data protection techniques to comply with the GDPR. We first explore the implications of a fundamental terminology - personal data, highlighted in the GDPR by interpreting three types of related data: pseudonymised data, Art.11 data and anonymised data, aiming to help data controllers identify what kind of data they are holding. We deploy a risk-based approach to determine how the existing data anonymisation techniques can be assessed in harmony with the new data types in the GDPR.

In light of the promotion of risk assessment methods in the GDPR and our proposed riskbased approach, we further develop a privacy risk mining framework based on machine learning, which consists of a two-phase clustering algorithm and a privacy risk tree model to detect record linkage risk of publishing a new sanitised dataset. This empowers data controllers to envisage the re-identification vulnerabilities and apply more reliable measures for data publishing.

Finally, being aware of the risk and the insufficiency of existing data protection techniques, firstly we propose a privacy management framework for data controllers to improve the utility and security of differentially private data sharing with blockchain technology. Secondly, another framework which combines the blockchain and homomorphic encryption is proposed to outsource centralised anonymisation service and help data owners share data with multiple data controllers.
University of Southampton
Hu, Runshan
18986f90-49c4-430e-8047-3bf6b2be61c3
Hu, Runshan
18986f90-49c4-430e-8047-3bf6b2be61c3
Sassone, Vladimiro
df7d3c83-2aa0-4571-be94-9473b07b03e7

Hu, Runshan (2020) Dealing with privacy risk: solutions to data sharing under the GDPR for data controllers. Doctoral Thesis, 121pp.

Record type: Thesis (Doctoral)

Abstract

Personal data are increasingly needed to improve scientific research and decision making in several contexts. However, when collecting or processing data refers to individual respondents, privacy-preserving techniques must be implemented to sanitise or protect the data and guarantee the fundamental right to privacy of data subjects. The growing demand for consistent and comprehensive protection of personal data leads to the adoption of the new General Data Protection Regulation (GDPR).

In this thesis, we investigate privacy risk and data sharing solutions under the GDPR, providing data controllers with some data protection techniques to comply with the GDPR. We first explore the implications of a fundamental terminology - personal data, highlighted in the GDPR by interpreting three types of related data: pseudonymised data, Art.11 data and anonymised data, aiming to help data controllers identify what kind of data they are holding. We deploy a risk-based approach to determine how the existing data anonymisation techniques can be assessed in harmony with the new data types in the GDPR.

In light of the promotion of risk assessment methods in the GDPR and our proposed riskbased approach, we further develop a privacy risk mining framework based on machine learning, which consists of a two-phase clustering algorithm and a privacy risk tree model to detect record linkage risk of publishing a new sanitised dataset. This empowers data controllers to envisage the re-identification vulnerabilities and apply more reliable measures for data publishing.

Finally, being aware of the risk and the insufficiency of existing data protection techniques, firstly we propose a privacy management framework for data controllers to improve the utility and security of differentially private data sharing with blockchain technology. Secondly, another framework which combines the blockchain and homomorphic encryption is proposed to outsource centralised anonymisation service and help data owners share data with multiple data controllers.

Text
RunshanHu - Thesis
Available under License University of Southampton Thesis Licence.
Download (1MB)
Text
PTDThesis HU - SIGNED
Restricted to Repository staff only

More information

Published date: September 2020

Identifiers

Local EPrints ID: 447771
URI: http://eprints.soton.ac.uk/id/eprint/447771
PURE UUID: f23efa3e-c86d-439a-9491-cac9c33336e5
ORCID for Runshan Hu: ORCID iD orcid.org/0000-0002-5209-8850
ORCID for Vladimiro Sassone: ORCID iD orcid.org/0000-0002-6432-1482

Catalogue record

Date deposited: 19 Mar 2021 17:35
Last modified: 10 Sep 2024 01:40

Export record

Contributors

Author: Runshan Hu ORCID iD
Thesis advisor: Vladimiro Sassone ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×