Preserving Privacy in AI-Applications

Deloitte Whitepapers: Anonymization of Sensitive Data & Balancing Data Privacy with Data Utility

Artificial Intelligence (AI) is powered by data, so access to a great amount of it is key to unlocking the full potential of AI. Compliance with privacy regulations is a critical first step before proceeding with downstream development. Any organization incorporating AI effectively into its processes, products and services will know that preserving privacy in AI-applications is a crucial component of its data management strategy. This analysis – extending across two individual papers – examines the possibilities and risks of anonymization and pseudonymization techniques as a route to compliance, and explores advanced and alternative data protection strategies.

Anonymization of sensitive data can play a critical role in preserving privacy – thereby building trust in Artificial Intelligence (AI) and its applications within society. Various anonymization techniques can shield individual privacy in the context of these datasets. Traditional approaches to anonymization focus on “data masking” to generate test data. In contexts where data processors must ensure that personal data are sufficiently anonymized, anonymization can be a strongly convincing argument vis-à-vis data subjects. Anonymized data can still be high quality, improving the performance of Artificial Intelligence systems.

Data Makes the Modern World Go Around

The exchange of data is the currency of our time. Organizations have become increasingly skilled at monetizing data – and keen to collect more. The free flow of information has created many business opportunities, as well as opportunities for theft. Embarrassing data breaches and costly cyber-attacks give cause to re-think how to add value with data while still maintaining privacy. Responsibly passing data along the data value chain requires strict controls and data-sharing agreements. In many cases, anonymized data may fully meet the need for insights, thus reducing the risk of accidental or malicious re-identification that exposes personal information.

Anonymization of Data

Anonymization is the process of manipulating data such that the resulting information is stripped of any elements that could identify the data subjects. Once anonymization techniques have been applied to sensitive data, it should no longer be possible to single out a specific individual, to link the data to other sensitive information about the subjects it contains, or to allow the data user to deduce a subject’s identity.

Key Contents of our Privacy Whitepapers

Download the whitepapers “Preserving Privacy in AI Applications through Anonymization of Sensitive Data” here: Privacy 1 and “Differential Privacy and Synthetic Data” here: Privacy 2 to learn more about:

  • Various techniques of data anonymization, pseudonymization (encryption, hash function, deterministic encryption, tokenization), and k-anonymity, as well as technical and organizational requirements for implementation.
  • Data strategies for pseudo- or full anonymization according to regulatory requirements (e.g. General Data Protection Regulation, GDPR).
  • Anonymization when transferring data to cloud or other 3rd Parties.
  • Re-identification or “de-anonymization” by matching a previously anonymized dataset with other datasets to deduce the natural person to whom that data belongs.
  • Advanced methods such as differential privacy – modifying the data in ways that preserve analytical utility while protecting identities.
  • Alternative strategies such as synthetic data – combining the concept of differential privacy with generative AI to create surrogate, representative data.
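As an added illustration of the k-anonymity and re-identification points above (example code written for this page, not taken from the whitepapers or Deloitte's anonymization framework): the quasi-identifiers age, ZIP code and sex are the columns an outside dataset could be matched against, so the check below measures the smallest equivalence class over them and generalizes (age buckets, ZIP prefixes) until every class holds at least k records. The records, generalization ladder and function names are constructed assumptions for this example.

```python
from collections import Counter
from typing import Iterable

# Constructed sample records: three quasi-identifiers plus one sensitive attribute.
RECORDS = [
    {"age": 34, "zip": "10115", "sex": "F", "diagnosis": "flu"},
    {"age": 36, "zip": "10117", "sex": "F", "diagnosis": "asthma"},
    {"age": 35, "zip": "10119", "sex": "F", "diagnosis": "flu"},
    {"age": 52, "zip": "20095", "sex": "M", "diagnosis": "diabetes"},
    {"age": 57, "zip": "20097", "sex": "M", "diagnosis": "flu"},
    {"age": 58, "zip": "20099", "sex": "M", "diagnosis": "asthma"},
]
QUASI_IDS = ("age", "zip", "sex")


def generalize(record: dict, age_bucket: int, zip_digits: int) -> dict:
    """Coarsen quasi-identifiers: age -> range label, ZIP -> kept prefix plus '*'."""
    lo = (record["age"] // age_bucket) * age_bucket
    out = dict(record)
    out["age"] = f"{lo}-{lo + age_bucket - 1}"
    out["zip"] = record["zip"][:zip_digits] + "*" * (5 - zip_digits)
    return out


def min_group_size(records: Iterable[dict]) -> int:
    """Size of the smallest equivalence class over QUASI_IDS, i.e. the achieved k.
    A value of 1 means at least one person can be singled out."""
    counts = Counter(tuple(r[q] for q in QUASI_IDS) for r in records)
    return min(counts.values())


def anonymize_k(records: list, k: int) -> tuple:
    """Walk a fixed ladder of coarser generalizations until every class has >= k rows.
    Returns (generalized_records, age_bucket, zip_digits); raises if k is unreachable,
    which is the signal that a different strategy (e.g. suppression) is needed."""
    for zip_digits in (5, 3, 2, 0):
        for age_bucket in (1, 5, 10, 20):
            cand = [generalize(r, age_bucket, zip_digits) for r in records]
            if min_group_size(cand) >= k:
                return cand, age_bucket, zip_digits
    raise ValueError(f"cannot reach k={k} with these generalization levels")
```

Note that k-anonymity alone does not prevent attribute inference when a whole class shares one sensitive value, which is one reason the whitepapers move on to differential privacy.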

Deloitte is committed to ensuring the use of technology is trustworthy and ethical – for ourselves and our clients. Data privacy is a core competency. Partnering with best-in-class application developers, along with a significant investment into a proprietary anonymization framework, enables Deloitte and its clients to meet their analytical or test data needs while protecting individual privacy. We provide a fundamental analysis of our clients’ data in the context of the associated use cases. Then we design and implement a data anonymization process that leverages various anonymization techniques, in line with the appropriate privacy models, to fulfill the requirements of data protection laws.
