Formalizing Data Deletion in the Context of the Right to Be Forgotten

Garg, Sanjam; Goldwasser, Shafi; Vasudevan, Prashant Nalini

doi:10.1007/978-3-030-45724-2_13

Cited by 48 publications

(81 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The present work continues this vein of research in the context of the "right to be forgotten", that was recently pioneered by Garg, Goldwasser, and Vasudevan [GGV20]. They have defined a notion of deletion-compliance that sets formal guidelines for service providers -that we will hereby refer to as data-collectors -to satisfy in order to comply with data deletion requests in accordance with the law.…”

Section: Introductionmentioning

confidence: 72%

“…Deletion-compliance is not in itself a formal representation of a law, but rather a sufficient criteria to comply with the spirit of the law. In the formalism of [GGV20], a data-collector X interacts with two other entities: the deletion-requester Y that represents the set of users that request deletion of their data, and the environment Z that represents other users and any other entity. Interactions with the data-collector are described via a protocol π to which is associated a corresponding deletion protocol π D .…”

Section: Introductionmentioning

confidence: 99%

“…This forces strict privacy of the data entrusted to the collector. This property was endorsed by the authors of [GGV20]: they argue that a data-collector that discloses information from its users loses control over that information and thus the ability to delete every copy. However, one can see from the definition that leakage of a single bit of information to the environment -whether Y is silent or not -is sufficient to distinguish the real and ideal executions.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Deletion-Compliance in the Absence of Privacy

Godin,

Lamontagne

2022

Preprint

View full text Add to dashboard Cite

Garg, Goldwasser and Vasudevan (Eurocrypt 2020) invented the notion of deletion-compliance to formally model the "right to be forgotten", a concept that confers individuals more control over their digital data. A requirement of deletioncompliance is strong privacy for the deletion requesters since no outside observer must be able to tell if deleted data was ever present in the first place. Naturally, many real world systems where information can flow across users are automatically ruled out. The main thesis of this paper is that deletion-compliance is a standalone notion, distinct from privacy. We present an alternative definition that meaningfully captures deletion-compliance without any privacy implications. This allows broader class of data collectors to demonstrate compliance to deletion requests and to be paired with various notions of privacy. Our new definition has several appealing properties:-It is implied by the stronger definition of Garg, Goldwasser, and Vasudevan under natural conditions, and is equivalent when we add a strong privacy requirement. -It is naturally composable with minimal assumptions.-Its requirements are met by data structure implementations that do not reveal the order of operations, a concept known as history-independence. Along the way, we discuss the many challenges that remain in providing a universal definition of compliance to the "right to be forgotten."⋆ This is the full version of [GL21].

show abstract

Section: Introductionmentioning

confidence: 72%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Deletion-Compliance in the Absence of Privacy

Godin,

Lamontagne

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…For example, the work in [16] presents a statistical formulation of data deletion from machine learning similar to differential privacy and describes a method to achieve deletion in linear and logistic regression scenarios. A formulation of data deletion problems using cryptographic notations is presented in [17] with a brief discussion on deletion in ML models. Other works on statistical unlearning are also presented in [18]- [21].…”

Section: B Related Workmentioning

confidence: 99%

Coded Machine Unlearning

2021

View full text Add to dashboard Cite

Models trained in machine learning processes may store information about individual samples used in the training process. There are many cases where the impact of an individual sample may need to be deleted and unlearned (i.e., removed) from the model. Retraining the model from scratch after removing a sample from its training set guarantees perfect unlearning, however, it becomes increasingly expensive as the size of training dataset increases. One solution to this issue is utilizing an ensemble learning method that splits the dataset into disjoint shards and assigns them to non-communicating weak learners and then aggregates their models using a pre-defined rule. This framework introduces a trade-off between performance and unlearning cost which may result in an unreasonable performance degradation, especially as the number of shards increases. In this paper, we present a coded learning protocol where the dataset is linearly coded before the learning phase. We also present the corresponding unlearning protocol for the aforementioned coded learning model along with a discussion on the proposed protocol's success in ensuring perfect unlearning. Finally, experimental results show the effectiveness of the coded machine unlearning protocol in terms of performance versus unlearning cost trade-off.INDEX TERMS Machine unlearning, random coding, efficient sample removal.

show abstract

“…Third-party services can use data both for legitimate and non-legitimate purposes, and an aggressive sharing of data increases the probability of non-legitimate uses. Examples of non-legitimate uses are unfair prices or insurance premiums, stigmatization of people and, in the worst case, the unfair punishment of people in non-honest states [ 4 ]. Furthermore, any service that stores data centrally is potentially the target of malicious attacks.…”

Section: Introductionmentioning

confidence: 99%

P2T: Pay to Transport

Barbàra

Schifanella

2021

Euro-Par 2020: Parallel Processing Workshops

View full text Add to dashboard Cite

We present Pay To Transport (P2T), a protocol that lets customers buy an item remotely in an atomic, privacy preserving and trustless manner. P2T needs only basic features of a blockchain scripting language and does not need any tracking systems, arbitrator or deposit to preserve its security properties. For this reason the protocol can be implemented on any permissionless blockchain, regardless of its scripting language, without additional trust. Merchants’ and transporters’ addresses are public, but in P2T the parties never pay those addresses directly. Therefore P2T maintains the privacy of customers, merchant and transporters.

show abstract

Formalizing Data Deletion in the Context of the Right to Be Forgotten

Cited by 48 publications

References 20 publications

Deletion-Compliance in the Absence of Privacy

Deletion-Compliance in the Absence of Privacy

Coded Machine Unlearning

P2T: Pay to Transport

Contact Info

Product

Resources

About