Privacy and Policy in Polystores: A Data Management Research Agenda

Kroll, Joshua A.; Kohli, Nitin; Laskowski, Paul

doi:10.1007/978-3-030-33752-0_5

Cited by 12 publications

(10 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although institutional ethics committees are tasked by the World Health Organization ( 2009 ) to protect subjects from anticipated harm, they have few means to do so beyond the initial project approval phase. Common mechanisms recommended for protecting data throughout a project's lifetime, such as anonymization and aggregation, have known limitations that have led to privacy violations (Kroll et al, 2019 ; Cummings and Durfee, 2020 ; McGraw and Petersen, 2020 ). More advanced privacy-enhancing mechanisms, such as based on the notion of differential privacy (Dwork et al, 2006 ) might protect data for the project duration, but are difficult to make use of in many scenarios (Kroll et al, 2019 ) and are too restrictive.…”

Section: Introductionmentioning

confidence: 99%

“…Common mechanisms recommended for protecting data throughout a project's lifetime, such as anonymization and aggregation, have known limitations that have led to privacy violations (Kroll et al, 2019 ; Cummings and Durfee, 2020 ; McGraw and Petersen, 2020 ). More advanced privacy-enhancing mechanisms, such as based on the notion of differential privacy (Dwork et al, 2006 ) might protect data for the project duration, but are difficult to make use of in many scenarios (Kroll et al, 2019 ) and are too restrictive. Yang et al ( 2012 ) summarized issues with differential privacy in data management involving large scale personal information.…”

Section: Introductionmentioning

confidence: 99%

“…Inspired by Shneiderman, we argue for auditing, independent oversight, and trustworthy certification for data accesses. Building accountability around the applicable laws and the dynamic privacy risks landscape is the way forward (Kroll et al, 2019 ; McGraw and Petersen, 2020 ). Subject's perception of privacy might change over time and depend upon the purpose data is collected for (Sharma et al, 2020 ).…”

Section: Introductionmentioning

confidence: 99%

“…Also, the interpretation of sensitive data is a topic of debate among technologists and lawyers. Data analysis techniques, such as statistical inferences can blur the lines between personally identifiable information (PII) and not-PII (Kroll et al, 2019 ).…”

Section: Introductionmentioning

confidence: 99%

“…Similar novel correlations can be exploited for commercial interests (Dāvida, 2020 ). Kroll et al ( 2019 ) argue that it is difficult to differentiate sensitive data. Perceived sensitivity of some data object can also change from the time it is collected to the time it is analyzed.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Up-to-the-Minute Privacy Policies via Gossips in Participatory Epidemiological Studies

et al. 2021

View full text Add to dashboard Cite

Researchers and researched populations are actively involved in participatory epidemiology. Such studies collect many details about an individual. Recent developments in statistical inferences can lead to sensitive information leaks from seemingly insensitive data about individuals. Typical safeguarding mechanisms are vetted by ethics committees; however, the attack models are constantly evolving. Newly discovered threats, change in applicable laws or an individual's perception can raise concerns that affect the study. Addressing these concerns is imperative to maintain trust with the researched population. We are implementing Lohpi: an infrastructure for building accountability in data processing for participatory epidemiology. We address the challenge of data-ownership by allowing institutions to host data on their managed servers while being part of Lohpi. We update data access policies using gossips. We present Lohpi as a novel architecture for research data processing and evaluate the dissemination, overhead, and fault-tolerance.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Up-to-the-Minute Privacy Policies via Gossips in Participatory Epidemiological Studies

et al. 2021

View full text Add to dashboard Cite

show abstract

Designing a Service for Compliant Sharing of Sensitive Research Data

Sharma

Nilsen

Johansen

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Data-driven research is increasingly becoming fueled by access to open datasets, often shared publicly on the Internet. However, many research projects study sensitive data. They cannot easily participate in this shift as access to their data is significantly controlled by ethical and regulatory constraints. This paper discusses the requirements for building a service that enables sensitive data for sharing between collaborators in a controlled manner. We argue that a decentralized service that maintains metadata, a global view on all data usage, and active policy combined with local monitoring and security enforcement can provide automated compliance checking. With such a service, researchers can share sensitive data with a broader community rather than limiting access to core project members.

show abstract