What a Hybrid Legal-Technical Analysis Teaches Us About Privacy Regulation: The Case of Singling Out

57 Pages Posted: 16 Oct 2020

See all articles by Micah Altman

Micah Altman

Center for Research in Equitable and Open Scholarship

Aloni Cohen

Boston University - Hariri Institute for Computing, School of Law

Kobbi Nissim

Georgetown University - Department of Computer Science

Alexandra Wood

Harvard University - Berkman Klein Center for Internet & Society

Date Written: August 27, 2020

Abstract

This article advocates a hybrid legal-technical approach to the evaluation of technical measures designed to render information anonymous in order to bring it outside the scope of data protection regulation. The article demonstrates how such an approach can be used for instantiating a key anonymization concept appearing in the EU General Data Protection Regulation (GDPR) -- singling out. The analysis identifies and addresses a tension between a common, compelling theory of singling out and a mathematical analysis of this theory, and it demonstrates how to make determinations regarding the sufficiency of specific technologies for satisfying regulatory requirements for anonymization.

Doubts about the feasibility of effective anonymization and de-identification have gained prominence in recent years in response to high-profile privacy breaches enabled by scientific advances in privacy research, improved analytical capabilities, the wider availability of personal data, and the unprecedented richness of available data sources. At the same time, privacy regulations recognize the possibility, at least in principle, of data anonymization that is sufficiently protective so as to free the resulting (anonymized) data from regulation. As a result, practitioners developing privacy enhancing technologies face substantial uncertainty as to the legal standing of these technologies. More fundamentally, it is not clear how to make a determination of compliance even when the tool is fully described and available for examination.

This gap is symptomatic of a more general problem: Legal and technical approaches to data protection have developed in parallel, and their conceptual underpinnings are growing increasingly divergent. When lawmakers rely on purely legal concepts to engage areas that are affected by rapid scientific and technological change, the resulting laws, when applied in practice, frequently create substantial uncertainty for implementation; provide contradictory recommendations in important cases; disagree with current scientific technical understanding; and fail to scale to the rapid pace of technological development. This article argues that new hybrid concepts, created through technical and legal co-design, can inform practices that are practically complete, coherent, and scalable.

As a case study, the article focuses on a key privacy-related concept appearing in Recital 26 of the General Data Protection Regulation (GDPR) called singling out. We identify a compelling theory of singling out that is implicit in the most persuasive guidance available, and demonstrate that the theory is ultimately incomplete. We then use that theory as the basis for a new and mathematically rigorous privacy concept called predicate singling-out. Predicate singling-out sheds light on the notion of singling out in the GDPR, itself inextricably linked to anonymization. We argue that any data protection tool that purports to anonymize arbitrary personal data under the GDPR must prevent predicate singling-out. This enables, for the first time, a legally- and mathematically-grounded analysis of the standing of supposed anonymization technologies like k-anonymity and differential privacy. The analysis in this article is backed by a technical-mathematical analysis previously published by two of the authors.

Conceptually, our analysis demonstrates that a nuanced understanding of baseline risk is unavoidable for a theory of singling out based on current regulatory guidance. Practically, it identifies previously unrecognized failures of anonymization. In particular, it demonstrates that some k-anonymous mechanisms may allow singling out, challenging the prevailing regulatory guidance.

The article concludes with a discussion of specific recommendations for both policymakers and scholars regarding how to conduct a hybrid legal-technical analysis. Rather than formalizing or mathematizing the law, the article provides approaches for wielding formal tools in the service of practical regulation.

Keywords: singling out, GDPR, data anonymization, differential privacy, k-anonymity, information privacy law

Suggested Citation

Altman, Micah and Cohen, Aloni and Nissim, Kobbi and Wood, Alexandra, What a Hybrid Legal-Technical Analysis Teaches Us About Privacy Regulation: The Case of Singling Out (August 27, 2020). Available at SSRN: https://ssrn.com/abstract=3681729 or http://dx.doi.org/10.2139/ssrn.3681729

Micah Altman

Center for Research in Equitable and Open Scholarship ( email )

77 Massachusetts Avenue
50 Memorial Drive
Cambridge, MA 02139-4307
United States

HOME PAGE: http://micahaltman.com

Aloni Cohen (Contact Author)

Boston University - Hariri Institute for Computing, School of Law ( email )

765 Commonwealth Avenue
Boston, MA 02215
United States

Kobbi Nissim

Georgetown University - Department of Computer Science ( email )

37th & O St., NW
St. Mary's Hall 329A
Washington, DC 20057
United States

Alexandra Wood

Harvard University - Berkman Klein Center for Internet & Society ( email )

Harvard Law School
23 Everett, 2nd Floor
Cambridge, MA 02138
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
174
Abstract Views
954
rank
223,075
PlumX Metrics