A framework to balance privacy and data usability using data degradation

H.J.W. van Heerde, M.M. Fokkinga, N.L.G. Anciaux

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

3 Citations (Scopus)
75 Downloads (Pure)

Abstract

Personal data is a valuable asset for service providers. To collect such data, free services are offered to users, for whom the risk of loosing privacy by subscribing to a service is often not clear. Although the services are free in terms of money, the user does not know how much he or she actually pays for a given service when allowing his or her data to be collected, unaware of taking a significant privacy risk by doing so. In practice, this risk is even not taken into account when deciding how long the data will be retained; the service provider simply wants to optimize the total worth of the stored data by retaining the data as long as possible. In this paper, we express the privacy risk for the user in terms of such a retention period; the user wants to optimize its privacy by allowing the data to be retained as short as possible. Now, in stead of only considering the interests of the service provider, we argue that we should optimize the common interest of both parties, and present a framework to reason about worth and privacy to find such optimum. Going one step further, we refine and generalize limited retention to data degradation, which prescribes to store data in progressively less accurate forms. Data degradation gives users and service providers a fine grained control over the price to be paid, in terms of privacy risks, and to optimize their common interest: balancing privacy and data usability.
Original languageUndefined
Title of host publicationProceedings of the International Conference on Computational Science and Engineering (CSE2009)
Place of PublicationLos Alamitos
PublisherIEEE
Pages146-153
Number of pages8
ISBN (Print)978-0-7695-3823-5
DOIs
Publication statusPublished - Aug 2009
Event2009 IEEE International Conference on Information Privacy, Security, Risk and Trust, PASSAT 2009 - Vancouver, Canada
Duration: 29 Aug 200931 Aug 2009

Publication series

Name
PublisherIEEE Computer Society Press

Conference

Conference2009 IEEE International Conference on Information Privacy, Security, Risk and Trust, PASSAT 2009
Period29/08/0931/08/09
Other29-31 August 2009

Keywords

  • METIS-265218
  • Data degradation
  • EWI-15701
  • Privacy
  • DB-SDM: SECURE DATA MANAGEMENT
  • IR-67525

Cite this