Formalizing Data Deletion in the Context of the Right to be Forgotten

Slide Note
Embed
Share

In this research, the focus is on formalizing data deletion within the framework of the Right to be Forgotten, analyzing the challenges, implications, and legal aspects associated with data protection laws such as GDPR and CCPA. The study delves into the complexities of data processing services and the need to define system behavior accurately concerning data deletion processes.

wkal
wkal Follow

Uploaded on Oct 08, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Formalizing Data Deletion in the Context of the Right to be Forgotten Prashant Nalini Vasudevan UC Berkeley Joint work with Sanjam Garg and Shafi Goldwasser

  2. Data is in the air Shopping recommendations Advertisements Credit reports Democracy With big data comes big responsibility

  3. Data Protection Laws Older laws: HIPAA, FERPA, Title 13, DPD, General Data Protection Regulation (GDPR) California Consumer Privacy Act (CCPA)

  4. The Right to be Forgotten GDPR CCPA

  5. Complications with Processing Alicd Research Agency Alicf Is this behaviour acceptable? acceptable? Is this behaviour Alic___ deleted their height . . . Alicd: 6 Alice Alice: 5 xxxxxx Alicf: 7 . . . Memory

  6. Complications with Processing Alicd Research Agency Data Processing Service Alicf Is this behaviour acceptable? acceptable? Is this behaviour . . . . . . Alicd: 6 Alicd: 6 Alice Alice: 5 Alice: 5 xxxxxx Alicf: 7 . . . Alicf: 7 . . .

  7. Need to precisely define and understand behaviour of systems w.r.t. data deletion

  8. Other users, etc. Compare with: Data Collector Memory Memory (no communication) User

  9. (Formalized in terms of concepts from the UC framework [Can01]) Other users, etc. Environment Ideal World: Real World: Data Collector Memory Memory (no communication) User User asks for exactly all of its messages to be deleted Environment and User run in polynomial time (in security parameter)

  10. (Formalized in terms of concepts from the UC framework [Can01]) Ideal World: Environment Real World: Data Collector Memory Memory (no communication) ???? ????? ????? ????? User Data collector is ?-deletion-compliant if for all well-behaved environments and users, User asks for exactly all of its messages to be deleted Environment and User run in polynomial time (in security parameter) ????,??????? ?????,??????? ???? ????? ????? ????? ?? ?

  11. Ideal World: Alicd Alicd Research Agency Alicf Alicf (no communication) . . . . . . Alicd: 6 Alicd: 6 Alice Alice Alice: 5 xxxxxx Alicf: 7 Alicf: 7 . . . . . . . . .

  12. Alicd Alicd Research Agency Alicf Alicf . . . Alicd: 6 History Indep. Dictionary Alice Alice xxxxxx Alicf: 7 . . . History-Independent Data Structure [Mic97,NT01]: Implementation of a data structure where physical content of memory depends only on logical content of data structure

  13. Environment Alicd Data Processing Service Research Agency Alicf Is this instruct to delete still reveals Alice s data deletion-compliant? . . . . . . History History Alicd: 6 Indep. Dictionary Alicd: 6 Indep. Dictionary Alice xxxxxx Alice: 5 Alicf: 7 . . . Alicf: 7 . . .

  14. Environment Alicd Data Processing Service Research Agency Alicf Is this instruct to delete still reveals Alice s data deletion-compliant? History Indep. Dictionary History Indep. Dictionary Alice Under weaker definition of conditional deletion-compliance :

  15. Is this Environment deletion-compliant? Alicd Research Agency Journal Alicf In general Publish Statistics (public and cannot be modified later) If statistics are (differentially) private History Indep. Dictionary Alice Differentially Private Algorithms [DMNS06]: (very roughly) algorithms whose output distribution does not change by much if input is modified in a small number of locations

  16. Privacy and Deletion Privacy: No information about anyone should be revealed at any point Deletion-Compliance: Information about deleted data should not be revealed after it has been deleted Privacy is, broadly, a stronger requirement Deletion-compliance also implies some notion of privacy the data collector cannot reveal one user s data to another.

  17. Deletion in ML Considerable recent work on deleting training data from machine learning models [GGVZ19, CY15,ECS+19,GAS19,Sch20,BCC+19,BSZ20, ] Most are variations on: for a dataset ? and index ?, ????? ? ? ??????(?,????? ? ,?) Challenge is to delete efficiently History independence , in a sense, for ML models Can be used to get deletion-compliance in manner similar to differential privacy

  18. Summary Need to classify and precisely discuss deletion behavior in general data collectors Defined deletion-compliance, which captures a class of data collectors with strong deletion properties Lessons learnt: Need to allocate and handle memory carefully Need good authentication mechanism Can use privacy to already have deleted Can use specific deletion algorithms

  19. Not Featured Memory allocation and scheduling Modelling implies just one process running in system Concurrency All machines are taken to be sequential in our modelling Timing-based attacks Allowed leakage

  20. Questions A spectrum of definitions capturing various meaningful notions of deletion? Better understanding of which definition would be useful where. Composition of interacting compliant data collector subsystems? Definition at different levels of systems (such as [GGVZ19] vs. our work)? Definition that is more temporally accommodating Perhaps the deletion guarantee only needs to hold several weeks after a request is received. Some understanding of whether it is required of a data collector to honour a given deletion request. Reasonable notion of certification of deletion? Perhaps under some assumptions about the space available to the collector

  21. References [SRS17] Congzheng Song, Thomas Ristenpart, and Vitaly Shmatikov. Machine learning models that remember too much. CCS 2017 [VBE18] Michael Veale, Reuben Binns, and Lilian Edwards. Algorithms that remember: Model inversion attacks and data protection law. [Can01] Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. FOCS 2001 [Mic97] Daniele Micciancio. Oblivious data structures: Applications to cryptography. STOC 1997 [NT01] Moni Naor and Vanessa Teague. Anti-presistence: history independent data structures. STOC 2001 [DMNS06] Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam D. Smith. Calibrating noise to sensitivity in private data analysis. TCC 2006 [GGVZ19] Antonio Ginart, Melody Y. Guan, Gregory Valiant, and James Zou. Making AI forget you: Data deletion in machine learning.

  22. References [CY15] Yinzhi Cao and Junfeng Yang. Towards making systems forget with machine unlearning. IEEE S&P 2015 [ECS+19] Michael Ellers, Michael Cochez, Tobias Schumacher, Markus Strohmaier, and Florian Lemmerich. Privacy attacks on network embeddings. [GAS19] Aditya Golatkar, Alessandro Achille, and Stefano Soatto. Eternal sunshine of the spotless net: Selective forgetting in deep networks. [Sch20] Sebastian Schelter. amnesia - machine learning models that can forget user data very fast. CIDR 2020 [BCC+19] Lucas Bourtoule, Varun Chandrasekaran, Christopher A. Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, and Nicolas Papernot. Machine unlearning. [BSZ20] Thomas Baumhauer, Pascal Sch ttle, and Matthias Zeppelzauer. Machine unlearning: Linear filtration for logit-based classifiers. Icons from icons8.com, and Smashicons at flaticon.com.

Related


Encrypted Data Deletion for Cloud Storage Servers

Encrypted Data Deletion for Cloud Storage Servers

avrd662
Evaluation of Genomic Deletion in a 4-Month-Old Male with Bilateral Microphthalmia

Evaluation of Genomic Deletion in a 4-Month-Old Male with Bilateral Microphthalmia

greenawalt_b
Understanding AVL Trees: Operations, Insertion, and Deletion

Understanding AVL Trees: Operations, Insertion, and Deletion

yase
Genetic Analysis of 17p13.3 Deletion in a 10-Year-Old Female

Genetic Analysis of 17p13.3 Deletion in a 10-Year-Old Female

kenzelkr
Understanding Blockchain Data Structures and Hyperledger Implementation

Understanding Blockchain Data Structures and Hyperledger Implementation

harold
Priority Queues: Operations and Implementations

Priority Queues: Operations and Implementations

hel_wel
Administrator Deletes User - User Management System Storyboard

Administrator Deletes User - User Management System Storyboard

kish_2
Importance of Context in Statistical Machine Translation

Importance of Context in Statistical Machine Translation

rodderic
Understanding the Intersection of Blockchains and GDPR

Understanding the Intersection of Blockchains and GDPR

swa_win
Implementations and Operations of Tables for Managing Data

Implementations and Operations of Tables for Managing Data

jobe_so
Progress and Challenges in CRVS Legal Framework Review in Fiji Islands

Progress and Challenges in CRVS Legal Framework Review in Fiji Islands

dhrithi
Easy Data Augmentation for Language Models

Easy Data Augmentation for Language Models

tykel
Understanding AVL Trees: A Self-balancing Binary Search Tree

Understanding AVL Trees: A Self-balancing Binary Search Tree

darci
Making an Effective Referral

Making an Effective Referral

braelyn
Negotiation and Sale Agreement Essentials

Negotiation and Sale Agreement Essentials

dorothy
Understanding Boolean Algebra and Logical Statements

Understanding Boolean Algebra and Logical Statements

denzel
Introduction to Formalization and Valid Reasoning in Logic

Introduction to Formalization and Valid Reasoning in Logic

jax
Taxing the Informal Sector in Cameroon: Challenges and Strategies

Taxing the Informal Sector in Cameroon: Challenges and Strategies

abd_mou
Challenges and Policies in Formalising Women Workers in India

Challenges and Policies in Formalising Women Workers in India

omey498
Promoting Labor Rights of Migrant Workers in Chile

Promoting Labor Rights of Migrant Workers in Chile

kathe
Introduction to Propositional Logic: Formalization and Reasoning

Introduction to Propositional Logic: Formalization and Reasoning

lard800
National Industrial Security Program Policy Advisory Committee Industry Updates

National Industrial Security Program Policy Advisory Committee Industry Updates

giz_pal
Predicate Logic Problems and Solutions

Predicate Logic Problems and Solutions

love_516
Artificial Intelligence Course at University of South Carolina

Artificial Intelligence Course at University of South Carolina

rbuck

More Related Content

Updates and Reforms in the ESOS National Code 2018 for Schools Sector
Updates and Reforms in the ESOS National Code 2018 for Schools Sector
CSO-ECW Reflection Series Workshop Outcomes and Strategic Plan Input
CSO-ECW Reflection Series Workshop Outcomes and Strategic Plan Input
Understanding Synchronous Reactive Components in Autonomous Cyber-Physical Systems
Understanding Synchronous Reactive Components in Autonomous Cyber-Physical Systems
The Countdown Problem in Haskell Programming
The Countdown Problem in Haskell Programming
Formalizing the Informal Economy: A Gender Perspective in Thailand
Formalizing the Informal Economy: A Gender Perspective in Thailand
Dynamic Partial-Parallel Data Layout for Efficient Video Surveillance Storage
Dynamic Partial-Parallel Data Layout for Efficient Video Surveillance Storage
Overview of Vectors, Lists, and Sequences in C++
Overview of Vectors, Lists, and Sequences in C++
Understanding B+ Tree Data Structure
Understanding B+ Tree Data Structure
Understanding Integrity Constraints in Relational Database Systems
Understanding Integrity Constraints in Relational Database Systems
SQL Part II Lecture Summary: Nested Queries, Joins, and Updates for Database Applications
SQL Part II Lecture Summary: Nested Queries, Joins, and Updates for Database Applications
Exploring Heaps and Tries in Computer Science
Exploring Heaps and Tries in Computer Science
Understanding Data Encryption and File Security
Understanding Data Encryption and File Security
Comprehensive Overview of SQL: Commands and Categories
Comprehensive Overview of SQL: Commands and Categories
Understanding Arrays and Linked Lists in Computer Science
Understanding Arrays and Linked Lists in Computer Science
European Parliament Committee Study on Regulation Impact Regarding Deletion of
European Parliament Committee Study on Regulation Impact Regarding Deletion of "12 Days Exception" for Busses
Understanding B+ Tree Index Structure
Understanding B+ Tree Index Structure
Understanding Context-Free Languages and Grammars
Understanding Context-Free Languages and Grammars
Overview of Grammar Types and Chomsky Hierarchy
Overview of Grammar Types and Chomsky Hierarchy
Understanding Top-Down Parsing in Context-Free Syntax
Understanding Top-Down Parsing in Context-Free Syntax
Understanding the Right to Representation in Consumer Protection
Understanding the Right to Representation in Consumer Protection
Understanding Directory Structures in Operating Systems
Understanding Directory Structures in Operating Systems
Understanding Binary Heaps: Concepts and Implementations
Understanding Binary Heaps: Concepts and Implementations
Understanding Fibonacci Heaps and Operations
Understanding Fibonacci Heaps and Operations
Evolution of Theory and Knowledge Refinement in Machine Learning
Evolution of Theory and Knowledge Refinement in Machine Learning