Automatic de-identification of Data Download Packages
This addresses privacy protection for citizens and researchers using DDPs, but it appears incremental as it builds on existing de-identification methods tailored to DDP characteristics.
The paper tackles the problem of protecting privacy in Data Download Packages (DDPs) under GDPR by developing de-identification software that handles diverse file structures and content, and it investigates the software's performance and adaptability to specific DDP structures.
The General Data Protection Regulation (GDPR) grants all natural persons the right of access to their personal data if this is being processed by data controllers. The data controllers are obliged to share the data in an electronic format and often provide the data in a so called Data Download Package (DDP). These DDPs contain all data collected by public and private entities during the course of citizens' digital life and form a treasure trove for social scientists. However, the data can be deeply private. To protect the privacy of research participants while using their DDPs for scientific research, we developed de-identification software that is able to handle typical characteristics of DDPs such as regularly changing file structures, visual and textual content, different file formats, different file structures and accounting for usernames. We investigate the performance of the software and illustrate how the software can be tailored towards specific DDP structures.