Privacy-Preserving Data Sharing for Australia’s Digital Economy
The most valuable resource in the world is no longer oil or gold, but data.[1] Various sources predict exponential data growth towards 2020 and beyond, and there is a broad consensus that the digital universe will double at least every two years, a 50-fold increase between 2010 and 2020.[2] However, major privacy issues can discourage the use of valuable data sources.
The ability to share data beyond the boundaries of an organisation, business or government department is fundamental to the Australian economy becoming smarter and truly digital.[3] The ability to generate data about almost anything at any time is leading to an explosion of new business models and insights.
As a result, we are experiencing a period of tremendous development. Innovative products and services are being created which strive to perfect aspects of everyday life through efficiency and safety, and by allowing more informed decision making.[4] The seamless transmission of data between individuals, organisations and governments is essential to the development of modern smart cities, and to smart services in homes or those delivered by government departments.
From a consumer perspective there is a thirst for locally optimised, individually personalised services, which requires obtaining, analysing and sharing personal information.[4] However, there are growing concerns about the ability of organisations and governments to store, process, analyse, interpret, consume and act upon data without invading an individual's privacy.[5]
Ensuring that privacy is preserved while data is shared and analysed is a multidisciplinary problem. The challenges involve legal and policy frameworks, ethical debates about privacy and transparency, standards for data security requirements, and examining the potential for unintended consequences that arise from linking shared data. Enabling the collection, analysis and sharing of sensitive data while ensuring privacy for individual subjects rests on a collaborative effort that brings together computer science, social science, statistics, encryption software and law.
CSIRO's Data61 has dedicated specific effort to resolving privacy challenges, including guidelines for confidential data, enabling the analysis of data in a way that preserves privacy (including our N1 Analytics project), and a framework for de-identification.
Resolving the privacy challenge
The path to success is a process, rather than a product. Definitions and measures of privacy and data utility must be developed, and an array of technological, legal and policy tools for dealing with sensitive data needs to be designed.[6]
By addressing these challenges Australia can capitalise on the opportunities of the data age and meet growing public expectations of data utilisation.[7] The ability to preserve privacy in data sharing practices will be vital in maintaining public trust and providing economy-wide confidence in the benefits of data analytics.
The role of trust
Trust is the most important factor when assessing willingness to share data.[8] What erodes trust is the fear that sharing personal data may lead to unintended consequences, adverse outcomes or an invasion of privacy. The challenge of dealing with privacy is intrinsically linked to the extent to which information is 'anonymised'. Standards which regulate anonymity are generally limited to high-level guidance frameworks in much of the world.[4] Data61's Science Vision outlines the importance of trust in data, trust in systems and trust in data-technology-enabled socio-technical systems: a chain of trust that is easily broken without evidence proving the security of data.
The concept of 'anonymised' is often defined vaguely rather than as something which can be measured quantitatively.[3] This leads to significant variation in how organisations perceive the data they collect and whether or not it ensures privacy and anonymity. Looking to the future, there would be incredible value in investigating two major questions. Firstly, what is an effective test which can be used to determine whether personally identifiable information is present within an anonymised dataset? Secondly, is it possible to create a quantitative measure of anonymity which can be used as a nationwide standard?
Putting numbers behind privacy
Technology can support the development of quantifiable privacy standards which address concerns around re-identification. Homomorphic encryption has offered the most exciting developments in securing privacy in data analytics and allows the addition, multiplication, subtraction and division of encrypted numbers;[9] a third party is permitted to operate on encrypted data without decrypting it in advance, which maintains the privacy of the sensitive data.[10] Privacy-preserving linkage is another technology, which relies on hash functions to allow databases to be linked together without revealing who is in the database.[11] The functions convert sensitive personal information into keys that allow personal data to be matched between different databases.[4] These techniques permit data to be analysed while maintaining anonymity for the people whose data is involved. Together with other practices such as determining minimum cohort size and differential privacy, these technologies can be used to determine an acceptable degree of anonymisation which can then be agreed upon and communicated.[4]
This contributes to the extent to which Australians can confidently interact online, while technical progress advances to further alleviate the privacy and data security concerns of data sharing.[12]
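The privacy-preserving linkage described above, as an added illustration that is not Data61's, N1 Analytics' or the cited papers' code: each data holder converts a name into a Bloom filter using keyed hashes of its letter bigrams, and a separate linkage unit compares only those encodings, so it can match "Jane Smyth" with "Jane Smith" without ever seeing a clear-text name. The two record sets, the shared key and the filter parameters are constructed for the example.

```python
import hashlib
import hmac

BF_LEN = 100    # bits per Bloom filter (small, for illustration)
NUM_HASH = 4    # keyed hash functions applied to each q-gram


def qgrams(value: str, q: int = 2) -> set:
    """Split a normalised string into padded q-grams (bigrams by default)."""
    s = f" {value.strip().lower()} "
    return {s[i:i + q] for i in range(len(s) - q + 1)}


def encode(value: str, key: bytes) -> int:
    """Data-holder step: encode one field as a Bloom filter held in an int.
    Each q-gram is hashed NUM_HASH times with HMAC-SHA256 under a key that
    the data holders share but the linkage unit never sees, so the unit
    cannot rebuild the encodings from a dictionary of common names."""
    bits = 0
    for g in qgrams(value):
        for i in range(NUM_HASH):
            digest = hmac.new(key, f"{i}:{g}".encode(), hashlib.sha256).digest()
            bits |= 1 << (int.from_bytes(digest[:4], "big") % BF_LEN)
    return bits


def dice(a: int, b: int) -> float:
    """Dice similarity of two Bloom filters: 1.0 means identical bit patterns."""
    common = bin(a & b).count("1")
    total = bin(a).count("1") + bin(b).count("1")
    return 0.0 if total == 0 else 2 * common / total


def link(db_a: dict, db_b: dict, key: bytes, threshold: float = 0.7) -> list:
    """Linkage-unit step: compares encodings only, never clear-text names.
    Returns (id_a, id_b) pairs whose encoded names reach the threshold."""
    enc_a = {rid: encode(name, key) for rid, name in db_a.items()}
    enc_b = {rid: encode(name, key) for rid, name in db_b.items()}
    return [(ia, ib) for ia, ea in enc_a.items()
            for ib, eb in enc_b.items() if dice(ea, eb) >= threshold]


# Constructed sample records from two hypothetical data holders; the
# "Smyth"/"Smith" spelling difference is why q-gram encoding is used
# instead of hashing the whole name, which would never match them.
DB_A = {"A1": "Jane Smyth", "A2": "Peter Brown"}
DB_B = {"B1": "Jane Smith", "B2": "Alice Wong"}
SHARED_KEY = b"constructed-shared-secret"  # placeholder, not a real key

if __name__ == "__main__":
    print(link(DB_A, DB_B, SHARED_KEY))  # expected: [('A1', 'B1')]
```

The same q-gram overlap that tolerates typos also leaks some frequency information about the encoded values, which is why the keyed hash and an adequate minimum cohort size matter in practice.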
The legislation, and the future
At the moment Australia's legal and policy frameworks for how public and private sector data is collected, stored and used are ad hoc and out of date. Fundamental and systemic change is needed in the way that Australian governments, businesses and individuals handle data.[7] The Australian Productivity Commission recognised this need, suggesting the creation of a new Commonwealth act, the Data Sharing and Release Act (DSR Act). This legislative change is designed to give consumers new rights to use their digital data, and data holders permission to be proactive about data possibilities in order to create and utilise value.[7]
Security technologies and proactive governance schemes can help to ensure that the public feels empowered in the digital world – a world in which many have already given up hope of maintaining their privacy. The reward for Australia will be the creation of value for industry, increasing the efficiency of government programs, projects and services, and allowing more informed decision-making for citizens while ensuring that their right to privacy never diminishes.
- [1] Leaders. 2017. The world's most valuable resource is no longer oil, but data. [Internet]. Available from.
- [2] Ffoulkes P. 2017. The intelligent use of big data on an industrial scale. Hewlett Packard Enterprise / insideBIGDATA LLC. Portland, United States.
- [3] ACS. 2017. The Digital Economy: Opening up the Conversation. Australian Computer Society. Sydney, Australia.
- [4] ACS. 2017. Data Sharing Frameworks. Australian Computer Society. Sydney, Australia.
- [5] Pike S, K M, Gelnaw A. 2017. Measuring U.S. Privacy Sentiment: An IDC Special Report. International Data Corporation. Framingham, United States.
- [6] Data Privacy Lab. 2018. Harvard University Privacy Tools Project. Harvard School of Engineering and Applied Sciences, Harvard University. Cambridge, United States.
- [7] PC. 2017. Data availability and use: capturing the opportunities of the digital age. Productivity Commission, Australian Government. Canberra, Australia.
- [8] MIT. 2018. Developing privacy-preserving identity systems and safe distributed computation, enabling an Internet of Trusted Data. MIT Connection Science, Massachusetts Institute of Technology. Cambridge, United States.
- [9] Hammami H, Brahmi H, Brahmi I, Ben Yahia S. 2017. Using Homomorphic Encryption to Compute Privacy Preserving Data Mining in a Cloud Computing Environment. Information Systems 299: 397-413.
- [10] Acar A, Aksu H, Uluagac S, Conti M. 2017. A Survey on Homomorphic Encryption Schemes: Theory and Implementation. arXiv (Cryptography and Security), Cornell University. Ithaca, United States.
- [11] Vatsalan D, Christen P, Rahm E. 2017. Scalable Multi-Database Privacy-Preserving Record Linkage using Counting Bloom Filters. arXiv, Cornell University Library. Ithaca, United States.
- [12] DIIS. 2017. The Digital Economy: Opening up the Conversation. Department of Industry, Innovation and Science, Australian Government. Canberra, Australia.