期刊論文
| 學年 | 110 |
|---|---|
| 學期 | 1 |
| 出版(發表)日期 | 2021-10-16 |
| 作品名稱 | Examining Compliance with Personal Data Protection Regulations in Interorganizational Data Analysis |
| 作品名稱(其他語言) | |
| 著者 | Szu Chuang Li; Yi-Wen Chen; Yennun Huang |
| 單位 | |
| 出版者 | |
| 著錄名稱、卷期、頁數 | Sustainability 13(20), 11459 |
| 摘要 | The development of big data analysis technologies has changed how organizations work. Tech giants, such as Google and Facebook, are well positioned because they possess not only big data sets but also the in-house capability to analyze them. For small and medium-sized enterprises (SMEs), which have limited resources, capacity, and a relatively small collection of data, the ability to conduct data analysis collaboratively is key. Personal data protection regulations have become stricter due to incidents of private data being leaked, making it more difficult for SMEs to perform interorganizational data analysis. This problem can be resolved by anonymizing the data such that reidentifying an individual is no longer a concern or by deploying technical procedures that enable interorganizational data analysis without the exchange of actual data, such as data deidentification, data synthesis, and federated learning. Herein, we compared the technical options and their compliance with personal data protection regulations from several countries and regions. Using the EU’s GDPR (General Data Protection Regulation) as the main point of reference, technical studies, legislative studies, related regulations, and government-sponsored reports from various countries and regions were also reviewed. Alignment of the technical description with the government regulations and guidelines revealed that the solutions are compliant with the personal data protection regulations. Current regulations require “reasonable” privacy preservation efforts from data controllers; potential attackers are not assumed to be experts with knowledge of the target data set. This means that relevant requirements can be fulfilled without considerably sacrificing data utility. However, the potential existence of an extremely knowledgeable adversary when the stakes of data leakage are high still needs to be considered carefully. |
| 關鍵字 | personal data protection;privacy;federated learning;data deidentification |
| 語言 | en_US |
| ISSN | 2071-1050 |
| 期刊性質 | 國外 |
| 收錄於 | SCI SSCI |
| 產學合作 | 國內 |
| 通訊作者 | |
| 審稿制度 | 是 |
| 國別 | TWN |
| 公開徵稿 | |
| 出版型式 | ,電子版 |
| 相關連結 |
機構典藏連結 ( http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/121963 ) |