Alternative Methodology and Framework for Assessing Differential Privacy Constraints and Consequences From a GDPR Perspective

Abstract

Nowadays, manipulation with personal data is constant and used in many industries, and while processing such data, questions arise related to the need to minimize or eliminate the risks of personal data disclosure. Meanwhile, various regulatory acts and laws, including GDPR, has been established to regulate the processing and collection of data, which, in practice, may result in unwanted personal data disclosure. However, data anonymization and a clear description of the term and process of anonymization are not clearly formulated in the context of the GDPR legislation, which causes the issue of multiple interpretations and poses additional risks of personal data disclosure. These issues create a valuable need to use different privacy-enhancing technologies such as differential privacy (DP). This study establishes hypotheses about the DP application and its limitation from the GDPR perspective. Furthermore, it considers technical and practical approaches for such integration and implications regarding personal data confidentiality. Finally, these hypotheses are presented in the framework of a future Doctoral study, which, among other things, will examine the significance of the DP concept in the existing legal ecosystem. This position paper proposes a novel approach to investigate the GDPR impact on data subject privacy with respect to the DP concept and focus on the anonymization level.