Privacy vs. Innovation - Can Anonymization Strike the Right Balance Between Privacy and Innovation in the Age of Machine Learning?

Abstract

In an era of rapid technological advancements, artificial intelligence (AI) has emerged as a transformative force across multiple sectors, such as healthcare, finance, and transportation. At the core of AI development lies machine learning (ML), a subset of AI that relies on vast amounts of data (big data) to enhance performance and generate predictions. However, as ML systems become increasingly dependent on big data, often including personal data, the balance between innovation and privacy protection becomes a critical concern, particularly in light of the European Union's General Data Protection Regulation (GDPR). While the GDPR aims to safeguard personal data, its stringent requirements pose challenges for organizations seeking to leverage big data for technological progress.

Data anonymization serves as a valuable solution to this, enabling data to be processed without violating GDPR requirements. However, in today’s digital age, uncertainty persists regarding what constitutes sufficient anonymization. This uncertainty can significantly hinder the benefits of anonymization by leaving organizations unsure about how to properly safeguard personal information, resulting in reluctance to fully utilize anonymization techniques. Consequently, this can hinder the development of effective AI systems, ultimately diminishing the potential social and economic benefits these technologies offer.

That said, the purpose of this thesis is to contribute to a comprehensive understanding of anonymization under the GDPR, particularly in relation to the use of anonymized documents for training ML models. Given the varying interpretations of what constitutes sufficient anonymization, this thesis first examines the proper interpretation of this concept. This foundational analysis then serves as the basis for exploring acceptable levels of data leakage in anonymized documents processed by ML models under the GDPR.