Privacy Regulation Observatory

The concerns of the project about privacy cannot deal only with technical matters. Privacy is regulated at the European level by Directive 95/46/EC (Oct. 24, 1995) and Regulation (EC) No 45/2001 (December 18, 2000).In such documents, general statements about “identifiably” of an individual are given, such as:

“To determine whether a person is identifiable, account should be taken of all the means likely to be reasonably used either by the controller or by any person to identify the said person. The principles of protection should not apply to data rendered anonymous in such a way that the data subject is no longer identifiable.”

Our research must realize tools and methodologies that comply with such general statements. It can also produce refinements of such statements by identifying methodologies and procedures that may be considered (un-) correct.

One of the activities of the project will then be the management of an observatory that interacts with national and EC authorities in charge of privacy issues. The activities of the observatory will be to create and maintain relationships with the EC authority and with at least some of the national authorities of the countries of the partners of the consortium. Contacts with the authority of the country of the coordinator are already under way. This activity will be carried out in collaboration with the WG on Privacy and Security Issues of the KDubiq NoE.

Such relationships will be aimed at implementing correctly the regulations into our methods and tools and, more ambitiously, to provide refinements of the technical regulations about privacy preserving analysis methods for future revisions of the regulations themselves.

Another important aspect is the interaction with all those organizations that recognize the need for location privacy standards. For example, Geopriv (see the website), which is an IETF (Internet Engineering Task Force) working group aimed at examining some of the risks associated with location-based services. Such a project has proposed several requirements for location privacy, including limited identifiability and customisable rules for controlling how data flows. Another example is Privacy International (PI), a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations. A member of our project is in the advisory board of Privacy International.Dissemination will include an annual GeoPKDD workshop devoted to presenting achievements and to act as an international forum for spatio-temporal privacy-preserving data mining.