Score
Implementing controls to protect personal and sensitive data through access controls, encryption (at-rest/in-transit), anonymization/pseudonymization, auditing, incident response and privacy-enhancing techniques (differential privacy, k-anonymity), while operationalizing requirements of regulations such as GDPR.
This paper addresses three core challenges in privacy-preserving synthetic data generation (PP-SDG): opaque privacy loss interpretation, non-transparent risk semantics of the differential privacy parameter ε, and ambiguous, incomparable definitions across diverse privacy metrics (PMs). To resolve these, we systematically survey and, for the first time, formally unify the mathematical definitions of 17 mainstream PMs—explicitly specifying their underlying assumptions, implicit premises, and analytical expressions. Grounded in differential privacy theory, we integrate information-theoretic and statistical inference principles to analyze each PM’s computational model and applicability boundaries. Based on this analysis, we propose the first comprehensive PM taxonomy, rigorously characterized along three dimensions: completeness, consistency, and interpretability. This taxonomy substantially enhances transparency and standardization in privacy risk assessment and provides both a rigorous theoretical foundation and a practical evaluation framework for privacy–utility trade-offs in PP-SDG mechanisms.
This study addresses the core challenge of balancing regulatory compliance—specifically with LGPD and GDPR—with data utility in privacy-preserving data anonymization. We systematically evaluate the privacy protection strength and utility loss of mainstream techniques—including aggregation, generalization, perturbation, and k-anonymity—on real-world sensitive datasets. Through quantitative comparative experiments, we characterize their distinct trade-offs along the privacy–utility spectrum and propose a context-aware technical selection framework guided by application-specific features (e.g., data dimensionality, analytical task type, and regulatory emphasis). Our key contributions are threefold: (1) the first unified empirical validation of the interplay between multi-regulatory compliance and utility preservation; (2) identification of mechanistic links between anonymization method choice and cross-jurisdictional compliance feasibility; and (3) a practical, evidence-based decision guide for privacy engineers to select optimal anonymization strategies under legal and operational constraints. (149 words)
Users widely perceive a loss of data control, stemming from existing privacy mechanisms that conflate two distinct types of control: interpersonal privacy (e.g., social sharing settings) and user-institutional privacy (e.g., platform-level data processing rights). This paper introduces and rigorously substantiates the “dichotomy of control objects,” arguing that current privacy design overemphasizes the former while systematically neglecting the latter. Through an interdisciplinary investigation—including controlled human-computer interaction experiments, comparative analysis of privacy policy texts, and critical information ethics inquiry—the study exposes the structural inadequacies of prevailing “one-size-fits-all” privacy interfaces. Findings inform the redesign of privacy interfaces, strengthen regulatory enforcement (e.g., GDPR compliance), and advance institutional innovations such as data trusts. Collectively, this work shifts the paradigm from procedural consent toward substantive user empowerment in data governance.
Ensuring privacy compliance for personal data flows in active-object languages remains challenging due to dynamic consent management and evolving regulatory requirements. Method: This paper proposes a language-level privacy protection framework featuring a novel type system that jointly encodes GDPR principles—such as purpose limitation and data subject rights—with user consent policies and compliance constraints. It integrates static type inference and checking with runtime dynamic constraint validation to enforce end-to-end data-flow control and respond instantaneously to consent updates. Contribution/Results: We establish formal soundness of the framework and validate its practical efficacy across multiple case studies—including healthcare and financial domains—demonstrating automated, scalable compliance verification for high-sensitivity scenarios. The approach significantly enhances the formalizability, executability, and trustworthiness of privacy enforcement.
Intelligent connected vehicles (ICVs) face urgent practical challenges in enhancing privacy-friendliness beyond mere GDPR compliance. Method: This study proposes the first privacy engineering framework tailored for full-vehicle systems, integrating system modeling, a dynamic privacy manager, a GDPR principle–guided PETs selection methodology, and a layered privacy architecture to enable fine-grained data-flow control and automated compliance mapping. The modular design decouples privacy functionality for scalable deployment. A prototype is implemented and validated in a location-based service scenario. Contribution/Results: The framework ensures end-to-end controllability over user data collection, transmission, and processing; achieves privacy-policy response latency under 200 ms; and improves PETs configuration coverage by 40%. It establishes a technically advanced, regulation-adaptive privacy enhancement paradigm for automotive systems.
This study addresses the reluctance of municipal agencies and mobility service providers to share data due to privacy concerns, which hinders collaborative optimization of transportation systems. To overcome this barrier, the authors propose a game-theoretic framework incorporating a perturbation-based privacy-preserving mechanism and analyze its incentive effects on multi-party data-sharing behavior. The findings reveal that moderately lowering expectations regarding data quality can effectively encourage voluntary data sharing, thereby enhancing both operational efficiency and social welfare while preserving privacy. This work offers a novel strategy for balancing privacy and utility, providing theoretical support for the design of privacy-aware collaborative transportation systems and informing related policy-making.
Existing mainstream privacy models suffer from fundamental limitations: k-anonymity operates syntactically, rendering it vulnerable to background knowledge attacks and lacking semantic constraints; differential privacy faces a sharp utility–privacy trade-off—small privacy budgets cause severe data distortion, while large budgets degrade privacy guarantees. Method: We propose Semantic k-Anonymity, which formally incorporates domain-specific semantic constraints and dependencies among sensitive attributes to reconstruct the equivalence-class partitioning mechanism—enhancing disclosure resistance without compromising data utility. Contribution/Results: Through rigorous formal modeling, principled semantic constraint design, and empirical risk assessment, we demonstrate that Semantic k-Anonymity achieves more robust privacy protection and higher data utility than conventional k-anonymity and differential privacy in realistic settings, thereby reducing reliance on post-hoc risk evaluation.
This paper examines how the General Data Protection Regulation (GDPR) is reshaping global data governance, focusing on institutional tensions between the GDPR and the 1995 Data Protection Directive as well as U.S. privacy law, and its heterogeneous regulatory impacts across diverse business entities. Method: Drawing on doctrinal legal analysis, comparative law, and policy impact assessment—framed within regulatory mechanism design theory—the study systematically evaluates GDPR’s operational logic and extraterritorial effects. Contribution/Results: The paper proposes a novel information governance paradigm anchored in three pillars: enterprise-level internal control mechanisms, data localization practices, and meaningful human involvement in automated decision-making. It elucidates the GDPR’s structural bias favoring direct-to-consumer firms in compliance efficiency and demonstrates how the regulation is catalyzing a fundamental reconfiguration of data-driven business models under heightened protection standards.
This study addresses the critical challenge of securely leveraging sensitive private-sector data—such as financial transactions—for public health decision-making, particularly in pandemic response, while preserving individual privacy. It introduces, for the first time, a systematic application of differentially private synthetic data generation to public health, producing high-fidelity synthetic financial transaction records that retain spatiotemporal characteristics. These synthetic data are integrated with mobility and epidemiological datasets to establish a reusable, privacy-preserving analytical framework. The authors develop a suite of six tools enabling tasks including hotspot detection, compliance monitoring, mobility analysis, and contact matrix estimation. Empirical validation demonstrates that privacy-preserving synthetic data can effectively and practically support pandemic surveillance and forecasting without compromising confidentiality.
This study addresses the security and privacy risks arising from legal conflicts and technical vulnerabilities in cross-border data flows involving large language models and IoT systems, where traditional static encryption and data localization strategies struggle to balance regulatory compliance with utility. To overcome this challenge, the work proposes a jurisdiction-aware, privacy-first architecture that dynamically integrates jurisdictional regulations into localized encryption, adaptive differential privacy, and cryptographic compliance proofs, enabling proactive alignment between security and compliance. Evaluated on a multi-jurisdiction simulation platform, the proposed framework reduces unauthorized data exposure to below 5%, achieves zero compliance violations, maintains model utility above 90%, and incurs manageable computational overhead.
This study identifies systemic deficiencies in current information sources for supporting developers in privacy-sensitive software development: developers普遍 lack legal expertise, while personal experience, online resources, and AI assistants fail to deliver precise, context-aware, and actionable privacy compliance guidance. Through the first controlled comparative study—employing scenario-based simulations, think-aloud protocols, and in-depth interviews—we conducted thematic analysis of developer decision-making across these three information sources. Results reveal that experiential knowledge is constrained by domain-specific blind spots; online content is overly verbose and difficult to interpret; and AI-generated responses lack contextual grounding and problem specificity. The study articulates design requirements for “context-aware privacy support tools,” emphasizing actionability, comprehensibility, and task alignment. These findings provide empirical grounding and methodological insights for developing privacy engineering assistance systems tailored to software developers. (149 words)