期刊論文

標題 Examining Compliance with Personal Data Protection Regulations in Interorganizational Data Analysis
學年 110
學期 1
出版(發表)日期 2021/10/16
作品名稱 Examining Compliance with Personal Data Protection Regulations in Interorganizational Data Analysis
作品名稱(其他語言)
著者 Szu Chuang Li; Yi-Wen Chen; Yennun Huang
單位
出版者
著錄名稱、卷期、頁數 Sustainability 13(20), 11459
摘要 The development of big data analysis technologies has changed how organizations work. Tech giants, such as Google and Facebook, are well positioned because they possess not only big data sets but also the in-house capability to analyze them. For small and medium-sized enterprises (SMEs), which have limited resources, capacity, and a relatively small collection of data, the ability to conduct data analysis collaboratively is key. Personal data protection regulations have become stricter due to incidents of private data being leaked, making it more difficult for SMEs to perform interorganizational data analysis. This problem can be resolved by anonymizing the data such that reidentifying an individual is no longer a concern or by deploying technical procedures that enable interorganizational data analysis without the exchange of actual data, such as data deidentification, data synthesis, and federated learning. Herein, we compared the technical options and their compliance with personal data protection regulations from several countries and regions. Using the EU’s GDPR (General Data Protection Regulation) as the main point of reference, technical studies, legislative studies, related regulations, and government-sponsored reports from various countries and regions were also reviewed. Alignment of the technical description with the government regulations and guidelines revealed that the solutions are compliant with the personal data protection regulations. Current regulations require “reasonable” privacy preservation efforts from data controllers; potential attackers are not assumed to be experts with knowledge of the target data set. This means that relevant requirements can be fulfilled without considerably sacrificing data utility. However, the potential existence of an extremely knowledgeable adversary when the stakes of data leakage are high still needs to be considered carefully.
關鍵字 personal data protection;privacy;federated learning;data deidentification
語言 英文(美國)
ISSN 2071-1050
期刊性質 國外
收錄於 SCI;SSCI;
產學合作 國內;
通訊作者
審稿制度
國別 中華民國
公開徵稿
出版型式 ,電子版