Differential privacy enables ethical data analysis
What is the current state of privacy regulations?
Protecting customer privacy remains a critical issue for businesses of all sizes. The increasing scale of digital operations provides businesses with vast amounts of consumer data, which can unlock insights into customer preferences and behaviors and power the next generation of innovation.
Consumers, CEOs and government regulators are rightly concerned about the privacy of raw data and how it is used and processed. To protect consumers and shield businesses from liability, governments around the world have instituted a number of data privacy laws and regulations. Many regard the European Union's General Data Protection Regulation (GDPR) as the global standard. It establishes safeguards and states that personal data must be “processed lawfully, fairly and in a transparent manner in relation to the data subject”. One of these safeguards concerns techniques that prevent the identification of individuals. Notably, once the ability to identify an individual directly or indirectly is removed, the GDPR no longer applies to that data.
Other regions have enacted similar, GDPR-inspired rules, including the California Consumer Privacy Act (CCPA) and China's Personal Information Protection Law (PIPL). Like the GDPR, these regulations do not mandate any specific technology for protecting individuals.
How to Ethically Handle and Protect User Data
Regardless of the legal requirements of the region of operation, there is no path to sustainable digitalization without privacy protection. Mismanaging large amounts of information exposes companies to serious, or even irreparable, reputational damage, as well as financial and criminal penalties.
The natural first step towards protection is to remove personal identifiers, but that alone doesn't guarantee success. Cross-referencing multiple data sources can reveal a great deal of customer information. Netflix, for example, once shared anonymized data publicly, but when this data was cross-referenced with data from the Internet Movie Database (IMDb), viewing preferences could be accurately attributed to individual users, leaving them exposed. Another case showing the weakness of simple anonymization dates back to the mid-1990s, when the Massachusetts Group Insurance Commission released anonymized data on hospital visits. A computer science graduate student was able to re-identify the individuals in the dataset and sent the Massachusetts governor a detailed list, including diagnoses and prescriptions, of his own hospital visits. For more information on anonymization techniques, see the Article 29 Data Protection Working Party's opinion on anonymization techniques.
Automating the data analysis process could enable ethical management of large amounts of data. Differential privacy (DP) focuses on describing patterns of groups within a dataset while withholding information about the individuals within it. This approach, derived from academic research, offers a mathematically grounded privacy guarantee and allows companies to obtain insights more securely.
Differential privacy systems rely on statistical noise (carefully sampled random numbers) to distort results in a controlled manner, masking any means of recognizing individual identities. Going beyond simple name and address scrubbing, DP systems group together similar profiles and present trends for that group in a protected manner. This is why these systems are already being used by tech giants to better protect their user bases.
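The noise-based approach described above can be sketched in a few lines of code. The example below is a minimal illustration of the classic Laplace mechanism for a counting query; the dataset, function names and epsilon value are hypothetical and not drawn from any Ericsson or DPella product:

```python
import numpy as np

rng = np.random.default_rng(seed=42)

def dp_count(data, predicate, epsilon):
    """Differentially private count query via the Laplace mechanism.

    A count query has sensitivity 1 (adding or removing one person
    changes the result by at most 1), so adding Laplace noise with
    scale 1/epsilon yields epsilon-differential privacy.
    """
    true_count = sum(1 for row in data if predicate(row))
    noise = rng.laplace(loc=0.0, scale=1.0 / epsilon)
    return true_count + noise

# Hypothetical dataset: ages of 1000 drivers (illustrative only).
ages = rng.integers(18, 80, size=1000)

# Publish a noisy answer to "how many drivers are under 25?"
# A smaller epsilon means more noise and stronger privacy.
noisy = dp_count(ages, lambda age: age < 25, epsilon=0.5)
```

The key design choice is the privacy budget epsilon: it trades accuracy against privacy, and each published query consumes part of the budget, which is why practical DP systems track cumulative queries rather than answering them unboundedly.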
Data in automotive development
While most conversations around data focus on its economic value, these discussions overlook the essential role of data in advancing the common good. Just as it can be used in medicine to identify diseases and develop cures, data can have an immense impact on public safety when properly leveraged by the automotive industry.
Transportation is built with a mutual public safety interest in mind. Drivers depend not only on their own abilities, but also on those of millions of other road users. As such, being able to aggregate metadata and better understand the habits, behaviors and likely reactions of drivers in various situations can have an immeasurable impact when it comes to protecting people from the dangers of traffic. This type of information can not only lead to financial savings, but also save lives.
Of course, such insights should not be derived from data in which an individual can be identified, which is not where the key value lies anyway. Smart differential privacy systems could extract this vital information without exposing everyday users.
Unfortunately, only a handful of key players in the automotive ecosystem are genuinely invested in improving the industry for all road users. To advance innovation and collaboration in the automotive industry, Ericsson has partnered with six other companies – CEVT, Polestar, Veoneer, Volvo Cars, Volvo Group and Zenseact – to create MobilityXlab.
MobilityXlab is a collaboration hub founded in 2017 to create and develop new innovations for future mobility, both between partners and with startups. In its first five years, MobilityXlab received applications from startups in 50 countries. The collaboration platform has given rise to 75 proofs of concept and 12 accelerations in the form of commercial contracts or partnerships.
One example is startup DPella, which offers deep expertise in differential privacy. Ericsson worked with DPella to explore their software tool and models to better study data patterns and information while protecting the privacy of individual contributors to the raw data studied.
Differential Privacy – The Future of Data Analytics?
Differential privacy is a relatively new technology that has already seen success in both the public and private sectors. In the United States, the Census Bureau was the first public-sector adopter, using it to protect the privacy of the American population while collecting and disseminating data used for political and economic decision-making. In the private sector, tech giants such as Google, Apple and Facebook have used the technology to better protect their user bases, suggesting this could be a good opportunity to test DP in Europe. As more industries embrace the benefits of differential privacy practices, mindsets will change, and privacy-preserving analytics will eventually change the way we manage, protect and share data. In the end, an ecosystem that shares data between its players is an ecosystem that improves much faster.
When it comes to the automotive industry, a reduced barrier to data sharing combined with increased analytical potential could revolutionize the industry and improve mobility for all. Organizations willing to take an early exploratory step could find themselves well ahead of the bend in the road.