Demo: Data Minimization and Informed Consent in Administrative Forms
Pages 3676 - 3678
Abstract
This article proposes a demonstration implementing the data minimization privacy principle, focusing on reducing data collected by government administrations through forms. Data minimization is defined in many privacy regulations worldwide, but has not seen extensive real-world application. We propose a model based on logic and game theory and show that it is possible to create a practical and efficient solution for a real French welfare benefit case.
References
[1]
A. Alhazmi and N. A. G. Arachchilage. I'm all ears! listening to software devel- opers on putting gdpr principles into software development practice. Personal and Ubiquitous Computing, 25(5):879--892, 2021.
[2]
N. Anciaux, S. Frittella, B. Joffroy, B. Nguyen, and G. Scerri. A new PET for data collection via forms with data minimization, full accuracy and informed consent. In Proc. of the 27th Extending Database Technology Conference, 2024, to appear.
[3]
T. Antignac, D. Sands, and G. Schneider. Data minimisation: a language-based approach. In IFIP International Conference on ICT Systems Security and Privacy Protection, pages 442--456. Springer, 2017.
[4]
A. J. Biega, P. Potash, H. Daumé, F. Diaz, and M. Finck. Operationalizing the legal principle of data minimization for personalization. In Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information Retrieval, pages 399--408, 2020.
[5]
B. Custers. Big data and data reuse: a taxonomy of data reuse for balancing big data benefits and personal data protection. International data privacy law, 6(1):4--15, 2016.
[6]
L. Determann and J. Tam. The california privacy rights act of 2020: A broad and complex data processing regulation that applies to businesses worldwide. Journal of Data Protection & Privacy, 4(1):7--21, 2020.
[7]
European Council. Regulation EU 2016/679 of the European Parliament and of the Council. Official Journal of the European Union (OJ), 59(1--88):294, 2016.
[8]
I. Brici, C. Mare, I. C. Mihai, and M. C. S, cheau. Privacy intrusiveness in financial-banking fraud detection. Risks, 9(6):104, 2021.
[9]
G. Galdon Clavell, M. Martín Zamorano, C. Castillo, O. Smith, and A. Matic. Auditing algorithms: On lessons learned and the risks of data minimization. In Proc. of the AAAI/ACM Conference on AI, Ethics, and Society, pages 265--271, 2020.
[10]
Q. Ramadan, D. Strüber, M. Salnitri, J. Jürjens, V. Riediger, and S. Staab. A semi-automated bpmn-based framework for detecting conflicts between security, data-minimization, and fairness requirements. Software and Systems Modeling, 19(5):1191--1227, 2020.
[11]
A. R. Senarath and N. A. G. Arachchilage. Understanding user privacy expecta- tions: A software developer's perspective. Telematics Informatics, 35(7):1845--1862, 2018.
[12]
S. Shabanian, D. Shanmugam, F. Diaz, M. Finck, and A. Biega. Learning to limit data collection via scaling laws: Data minimization compliance in practice. arXiv, July 2021.
[13]
O. Tene and J. Polonetsky. Privacy in the age of big data: a time for big decisions. Stan. L. Rev. Online, 64:63, 2011.
Index Terms
- Demo: Data Minimization and Informed Consent in Administrative Forms
Recommendations
Operationalizing the Legal Principle of Data Minimization for Personalization
SIGIR '20: Proceedings of the 43rd International ACM SIGIR Conference on Research and Development in Information RetrievalArticle 5(1)(c) of the European Union's General Data Protection Regulation (GDPR) requires that "personal data shall be [...] adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (`data ...
Assurance, Consent and Access Control for Privacy-Aware OIDC Deployments
Data and Applications Security and Privacy XXXVIIAbstractThe large amount of personal data that is shared in the digital age has proportionally increased the risks of user privacy violations. The same privacy risks are reflected in OpenID Connect, which is one of the most widespread protocols used for ...
On opening sensitive data sets in light of GDPR
ICEGOV '19: Proceedings of the 12th International Conference on Theory and Practice of Electronic GovernanceDisclosure of personal data is considered as one of the main threats for data opening. In this contribution we consider the data that are sensitive in GDPR terms (for example, criminal justice data within the Dutch justice domain) and discuss how they ...
Comments
Information & Contributors
Information
Published In
November 2023
3722 pages
ISBN:9798400700507
DOI:10.1145/3576915
- General Chairs:
- Weizhi Meng,
- Christian D. Jensen,
- Program Chairs:
- Cas Cremers,
- Engin Kirda
Copyright © 2023 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 November 2023
Check for updates
Author Tags
Qualifiers
- Demonstration
Funding Sources
Conference
CCS '23
Sponsor:
CCS '23: ACM SIGSAC Conference on Computer and Communications Security
November 26 - 30, 2023
Copenhagen, Denmark
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '24
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 112Total Downloads
- Downloads (Last 12 months)112
- Downloads (Last 6 weeks)9
Reflects downloads up to 30 Aug 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in