Integrating Empirical and Theoretical Privacy Strategies

In a discussion about synthetic data generation and privacy last week, Alexandra Ebert had this fascinating metaphor: « Would you rather sit in a car that's "theoretically" safe/safe on paper or one where the car manufacturer's new car model had to actually undergo (empirical) crash tests? » 🚘 In this metaphor, theoretical safety is differential privacy, and crash tests are empirical privacy tests. The former gives you formal, proven guarantees about the level of risk; the latter empirically compares the synthetic data to the true data to check that it doesn’t seem too revealing 📊 This got me wondering: is there something that anonymization practitioners can learn from industries with mature safety programs? 🤔 When automotive engineers start on a new design, they know all the properties of the materials they work with: elasticity, hardness, shear strength, and so on. They account for all this information in the design & manufacturing process, to predict what would happen during a crash: when will collision detectors activate, how materials will deform, how fast airbags will inflate… Those are all “theoretical” properties — calculations and simulations run before the car even gets built. Standards like ISO 26262 require all this — car manufacturers must be able to demonstrate the safety impact of every step of the design and manufacturing process, and quantify all the potential risks 🦺 So why do crash tests? Because they provide a final verification that the practice matches the theory. Sometimes, defects pop up in surprising places, or system components interact in an unforeseen way. This should not happen: by the time the car is actually thrown against a wall, engineers know how the car will behave, and the crash test is only there to check that nothing unexpected is happening. No car manufacturer would use this kind of final verification as a primary mechanism to ensure safety! 🤨 This is an excellent metaphor to draw parallels with the anonymization industry. Just like car manufacturers, vendors of anonymization tech should adopt a safety-first approach to building their products. They should fully understand their privacy guarantees, grounding those in a solid theoretical foundation, like — you guessed it — differential privacy. They should also be able to demonstrate that their implementation actually achieves the theoretical guarantees. There, end-to-end empirical tests can be useful¹, along with good security practices like publishing open-source code, building for auditability, writing unit tests, hiring third-party auditors, and so on 💡 Just using empirical tests as the core mechanism to provide privacy guarantees, though? Hmm. I know I wouldn’t want to climb in a car whose safety story boils down to “we smashed it against the wall 5 times and our dummies were fine every time” 😬 ¹ Though not all tests are created equal, and there’s more to say about that… but that’s a hot take for another time. #syntheticdata #privacy

Risk management is the cornerstone of ensuring that personal data processing respects individual rights and freedoms, particularly in today’s data-driven environment where privacy risks are substantial. This document, Risk Management and Impact Assessment in Personal Data Processing, serves as a comprehensive guide for implementing structured, GDPR-compliant strategies to protect data subjects against potential risks. Tailored for data controllers, processors, and Data Protection Officers (DPOs), it integrates both theoretical insights and practical methodologies for identifying, assessing, and mitigating risks to privacy. With step-by-step instructions, the guide explains critical processes, including conducting Data Protection Impact Assessments (DPIAs), establishing governance frameworks, and aligning with proactive risk management principles. It further delves into categorizing risk levels, applying security measures, and evaluating residual risk to ensure that data processing remains secure, transparent, and accountable. This thorough approach is indispensable for navigating the complexities of GDPR requirements while safeguarding individuals’ privacy. Ultimately, this document is essential for professionals dedicated to responsible data governance. It bridges regulatory demands with operational execution, making it an invaluable resource for building a privacy-conscious culture within organizations and upholding the standards that protect personal rights and freedoms in data processing activities.

There's tons of great context and history on anonymization in this article, but it ultimately wallows in its own key questions without providing a useful proposal. To start, anonymization isn't a myth. That's a stupid title. But once you get past that, the framework the authors lay out after the title provides a useful ontology of what "anonymization" might mean in a regulatory context: *Objective anonymization* as a legal standard would require that data not be re-identifiable in any circumstance by any recipient. This makes anonymization primarily a math and technology problem. This is the approach that aligns most strongly with differential privacy's theoretical privacy guarantees. *Subjective anonymization* as a legal standard would require that the risk of re-identification be evaluated in the context of the accessibility of related datasets and anticipated recipients. This approach aligns more closely to empirical privacy approaches. But it's inherently squishier than the objective standard, so compliance is a trickier question. The authors, unfortunately, lose steam after proposing this ontology. They don't answer the key question: how do you balance the bright-line compliance benefits of an objective standard with the practical advantages of a subjective standard? Here's the answer to that question: We can balance the strengths of objective and subjective approaches to anonymization regulation by following a *procedural* anonymization standard rather than a substantive one. And luckily, this already exists in an important, mature data protection law in the United States: HIPAA. HIPAA's de-identification standard allows organizations to achieve bright-line compliance through a re-identification audit conducted by a statistical expert. This audit takes into account the kinds of contextual risks covered by a subjective anonymization standard, but ensures these risks are examined, documented, and mitigated based on a provably rigorous analysis. Rather than focusing on which math problem we should solve to measure re-identification risk, we should focus on ensuring people are rigorously attempting to do the right math problem for their data and use case and documenting their methods and choices. And by providing a clear path to compliance despite the difficult task of coming up with a perfect measure of re-identification risk, we can ACTUALLY unlock the vast and valuable sensitive data to maximize the societal benefits of AI. Shoutout to Victoria Edelman, Esq., CIPP/US, AIGP and my cofounder David Singletary who both sent me this article on the same day! Have a great weekend!