Properties of Effective Information Anonymity Regulations
Aloni Cohen, Micah Altman, Francesca Falzon, Evangelina Anna Markatou, Kobbi Nissim

TL;DR
This paper develops technical requirements for data anonymization regulations, ensuring privacy while allowing data utility, and evaluates interpretations of GDPR using these principles.
Contribution
It introduces a formal set of criteria for effective anonymization regulations based on a simple data processing model.
Findings
Proposes a framework for evaluating anonymization regulations
Applies the framework to interpret GDPR requirements
Identifies key properties for effective data anonymization
Abstract
A firm seeks to analyze a dataset and to release the results. The dataset contains information about individual people, and the firm is subject to some regulation that forbids the release of the dataset itself. The regulation also imposes conditions on the release of the results. What properties should the regulation satisfy? We restrict our attention to regulations tailored to controlling the downstream effects of the release specifically on the individuals to whom the data relate. A particular example of interest is an anonymization rule, where a data protection regulation limiting the disclosure of personally identifiable information does not restrict the distribution of data that has been sufficiently anonymized. In this paper, we develop a set of technical requirements for anonymization rules and related regulations. The requirements are derived by situating within a simple…
Taxonomy
Topics: Privacy, Security, and Data Protection · Cybercrime and Law Enforcement Studies · Freedom of Expression and Defamation
