Benchmarking Differential Privacy and Existing Anonymization or De-identification Guidance

Creative Commons

Attribution 4.0 International

Abstract

The project consisted of three phases:

1) Phase 1: Practical Assessment Framework of Differential Privacy
2) Phase 2: Experimentation Phase
3) Phase 3: Scope of Policies

We also conducted a survey of students on their understanding of, and attitudes towards, different privacy concepts. The results of the survey can be found in the Appendices section.

The first phase focuses on the technical aspects of differential privacy. We identified inconsistencies in the definitions of differential privacy and its parameters, and we catalogued the basic techniques and the limitations of differential privacy. These findings allowed us to determine suitable language and to identify opportunities to overcome the challenges of implementing differential privacy and to better optimize its use within existing frameworks.

In the second, exploratory phase we conducted 5 experiments to delve deeper into the intricacies of differential privacy. Phase 2 allowed us to answer fundamental questions about the relationship between the main techniques of differential privacy (pre-processing and post-processing), about differential privacy in a data privacy and data utility context, about the relationship between and combination of k-anonymity and differential privacy, and about the comparison of privatized data to the original data. We also concluded that some standard statistical techniques cannot be used to assess data privacy and data utility.

Although there has been considerable development of privacy enhancing technologies that go beyond anonymization, their relationship to the concept of anonymization in data protection law is not always clear. Currently, there are no clear guidelines that explain how differential privacy may be aligned with the concept of anonymization in privacy law, or how it might relate to the relative approach to anonymization developed in Canadian case law. The third phase of this project will examine how differential privacy can be integrated with the legal requirements in PIPEDA and in the proposed Bill C-27.

Keywords

differential privacy, anonymization, de-identification