PDF Basket
‘Big data’ – the immense trove of information that corporations collect about customer behaviour – has the potential to offer customers exactly what they want, sometimes before they know they want it. But often, that data can be analysed to identify individuals and even to reveal the specifics of individual behaviour in ways that many people find alarming.
In response to concerns from privacy activists, and after years of preparation, the European Union began implementing the General Data Protection Regulation (GDPR) on 25 May 2018. GDPR is designed to preserve privacy rights by requiring companies to obtain a customer’s consent about how they use consumer data. Public confusion lingers, however, about how much information companies collect and how they use it.
An EU-funded research project called DAPPER has developed a method that could help to solve this most complex issue. The key is choice. Among other results, the DAPPER method allows companies to analyse consumer information, but only using a level of analysis that each consumer can select.
‘A capstone result of the project is the development of methods to capture information about correlations within data and use them to accurately reveal information about behaviour of users,’ says principal investigator Graham Cormode of the University of Warwick in the UK. ‘For example, results could be used to gather information about the correlation between smoking and lung disease, without revealing the smoking status or disease status of any individual.’
Mixing randomness with choice
One widely accepted method for guaranteeing strong privacy rights in big data analysis is called differential privacy. This introduces a random element into how an organisation accesses a client’s data, making it nearly impossible to reconstruct individual identity after analysing group behaviour.
The problem is that differential privacy assumes that all individuals have the same preferences. Some might allow for less privacy, if that meant better choices; some might demand total privacy.
Enter DAPPER. The project focused on four areas of research. The first, synthetic private data, proposes a new definition for digital privacy: personalised differential privacy, in which users specify a personal privacy requirement for their data.
Organisations – whether corporations, governments or university researchers – could analyse subject behaviour, but only using parameters that the subjects set themselves. The result allows customers to make their own privacy choices while giving companies the insight they need to offer better products.
Other research areas included correlated data modelling, which provides algorithms for analysing statistics while respecting privacy safeguards; data utility enhancement, which helps construct accurate graph-structured data while protecting privacy; and trajectory data, which developed a method for analysing GPS data about users while protecting information about an individual’s location.
A better balance
Project results should soon find their way into the private sector. ‘Methods for collecting data have been deployed by Google, Microsoft and Apple in recent years,’ Cormode says. ‘The methods we developed in this project have the potential to be incorporated into these systems, allowing the gathering of more sophisticated data on user activity while preserving privacy.’
Most of the project’s funds supported the research of two PhD candidates: Tejas Kulkarni at the University of Warwick, and Jun Zhang at the National University of Singapore. After Kulkarni has completed his dissertation, he will explore ways to safeguard privacy in machine learning.
DAPPER received funding through the EU’s Marie Skłodowska-Curie Actions programme.