Limiting Data Collection in Application Forms : A real-case application of a Founding Privacy Principle

Nicolas Anciaux 1 Benjamin Nguyen 1 Michalis Vazirgiannis 2, 3
1 SMIS - Secured and Mobile Information Systems
PRISM - Parallélisme, Réseaux, Systèmes, Modélisation, UVSQ - Université de Versailles Saint-Quentin-en-Yvelines, Inria Paris-Rocquencourt, CNRS - Centre National de la Recherche Scientifique : UMR8144
Abstract: Application forms are often used by companies and administrations to collect personal data about applicants and tailor services to their specific situation. For example, tax rates, social care, or personal loans are usually calibrated based on a set of personal data collected through application forms. In the eyes of privacy laws and directives, the set of personal data collected to achieve a service must be restricted to the minimum necessary. This reduces the impact of data breaches, in the interest of both service providers and applicants. In this article, we study the problem of limiting data collection in those application forms, which are used to collect data and subsequently feed decision-making processes. In practice, the set of data collected is far larger than necessary, because application forms are filled in without any means of knowing which data will really affect the decision. To overcome this problem, we propose a reverse approach, where the set of strictly required data items to fill in the application form can be computed on the user's side. We formalize the underlying NP-hard optimization problem, propose algorithms to compute a solution, and validate them with experiments. Our proposal leads to a significant reduction in the quantity of personal data filled in application forms while still reaching the same decision.
Document type:
Conference paper
Nora Cuppens-Boulahia and Philip Fong and Joaquin Garcia-Alfaro and Stephen Marsh and Jan-Philipp Steghöfer. PST 2012 - Tenth Annual International Conference on Privacy, Security and Trust, Jul 2012, Paris, France. IEEE, pp.59-66, 2012, 〈10.1109/PST.2012.6297920〉

https://hal.archives-ouvertes.fr/hal-00768363
Contributor: Benjamin Nguyen
Submitted on: Friday, 21 December 2012 - 12:39:27
Last modified on: Thursday, 18 October 2018 - 16:56:03

Citation

Nicolas Anciaux, Benjamin Nguyen, Michalis Vazirgiannis. Limiting Data Collection in Application Forms : A real-case application of a Founding Privacy Principle. Nora Cuppens-Boulahia and Philip Fong and Joaquin Garcia-Alfaro and Stephen Marsh and Jan-Philipp Steghöfer. PST 2012 - Tenth Annual International Conference on Privacy, Security and Trust, Jul 2012, Paris, France. IEEE, pp.59-66, 2012, 〈10.1109/PST.2012.6297920〉. 〈hal-00768363〉
