The University of Southampton
University of Southampton Institutional Repository

Dealing with privacy risk: solutions to data sharing under the GDPR for data controllers

Hu, Runshan (2020) Dealing with privacy risk: solutions to data sharing under the GDPR for data controllers. Doctoral Thesis, 121pp.

Record type: Thesis (Doctoral)

Abstract

Personal data are increasingly needed to improve scientific research and decision making in several contexts. However, when the data collected or processed refer to individual respondents, privacy-preserving techniques must be implemented to sanitise or protect the data and guarantee the fundamental right to privacy of data subjects. The growing demand for consistent and comprehensive protection of personal data leads to the adoption of the new General Data Protection Regulation (GDPR).

In this thesis, we investigate privacy risk and data sharing solutions under the GDPR, providing data controllers with some data protection techniques to comply with the GDPR. We first explore the implications of a fundamental terminology - personal data, highlighted in the GDPR by interpreting three types of related data: pseudonymised data, Art.11 data and anonymised data, aiming to help data controllers identify what kind of data they are holding. We deploy a risk-based approach to determine how the existing data anonymisation techniques can be assessed in harmony with the new data types in the GDPR.

In light of the promotion of risk assessment methods in the GDPR and our proposed risk-based approach, we further develop a privacy risk mining framework based on machine learning, which consists of a two-phase clustering algorithm and a privacy risk tree model to detect record linkage risk of publishing a new sanitised dataset. This empowers data controllers to envisage the re-identification vulnerabilities and apply more reliable measures for data publishing.

Finally, being aware of the risk and the insufficiency of existing data protection techniques, firstly we propose a privacy management framework for data controllers to improve the utility and security of differentially private data sharing with blockchain technology. Secondly, another framework which combines the blockchain and homomorphic encryption is proposed to outsource centralised anonymisation service and help data owners share data with multiple data controllers.

Text
RunshanHu - Thesis
Available under License University of Southampton Thesis Licence.

More information

Published date: September 2020

Identifiers

Local EPrints ID: 447771
URI: http://eprints.soton.ac.uk/id/eprint/447771
PURE UUID: f23efa3e-c86d-439a-9491-cac9c33336e5
ORCID for Runshan Hu: orcid.org/0000-0002-5209-8850

Catalogue record

Date deposited: 19 Mar 2021 17:35
Last modified: 16 Mar 2024 11:39

Contributors

Author: Runshan Hu
Thesis advisor: Vladimiro Sassone
