Formalizing Data Deletion in the Context of the Right to Be Forgotten

The right of an individual to request the deletion of their personal data by an entity that might be storing it -- referred to as the right to be forgotten -- has been explicitly recognized, legislated, and exercised in several jurisdictions across the world, including the European Union, Argentina, and California. However, much of the discussion surrounding this right offers only an intuitive notion of what it means for it to be fulfilled -- of what it means for such personal data to be deleted. In this work, we provide a formal definitional framework for the right to be forgotten using tools and paradigms from cryptography. In particular, we provide a precise definition of what could be (or should be) expected from an entity that collects individuals' data when a request is made of it to delete some of this data. Our framework captures several, though not all, relevant aspects of typical systems involved in data processing. While it cannot be viewed as expressing the statements of current laws (especially since these are rather vague in this respect), our work offers technically precise definitions that represent possibilities for what the law could reasonably expect, and alternatives for what future versions of the law could explicitly require. Finally, with the goal of demonstrating the applicability of our framework and definitions, we consider various natural and simple scenarios where the right to be forgotten comes up. For each of these scenarios, we highlight the pitfalls that arise even in genuine attempts at implementing systems offering deletion guarantees, and also describe technological solutions that provably satisfy our definitions. These solutions bring together techniques built by various communities.
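As an added illustration (not code from the paper or its authors), the toy below models one natural flavour of deletion guarantee that a framework of this kind can express: after the collector processes a deletion request for a record, its resulting state should be the one it would have reached had that record never been supplied ("as if never received"). The abstract's point that genuine attempts at deletion can still fail is shown by contrasting a collector that tombstones records in an append-only log with one that keeps only the live set in a canonical, history-independent serialisation. The class names, the sample records, and the reduction of "indistinguishable" to exact equality of serialised state are all assumptions made for this example; the paper's definitions are stated in terms of an observer who cannot distinguish the two worlds, not in terms of byte-identical state.

```python
"""Toy data collector with an 'as if never received' deletion check.

Added example, not the paper's code. The check compares a real world
(all records added, then one deleted) against an ideal world (the deleted
record never added) and asks whether the collector's final states agree.
"""
import json

# Constructed sample records for the example; not real data.
SAMPLE_RECORDS = [
    {"user": "alice", "zip": "94110"},
    {"user": "bob", "zip": "10001"},
    {"user": "carol", "zip": "60601"},
]


def canonical(record):
    """Order-independent serialisation of a record (dict keys sorted)."""
    return json.dumps(record, sort_keys=True)


class NaiveCollector:
    """Append-only log with tombstone deletion.

    Pitfall illustrated: the deleted record is still present in the log,
    and the count of records ever received reveals that a deletion happened.
    """

    def __init__(self):
        self.log = []            # (operation, serialised record), never rewritten
        self.total_received = 0  # monotone counter, never decremented

    def add(self, record):
        self.log.append(("add", canonical(record)))
        self.total_received += 1

    def delete(self, record):
        self.log.append(("del", canonical(record)))

    def state(self):
        return json.dumps({"log": self.log, "total": self.total_received})


class CanonicalCollector:
    """Keeps only the live set, serialised in sorted (history-independent) form.

    Deleting a record removes the only trace of it, and the serialised state
    does not depend on the order in which records arrived.
    """

    def __init__(self):
        self.live = set()

    def add(self, record):
        self.live.add(canonical(record))

    def delete(self, record):
        self.live.discard(canonical(record))

    def state(self):
        return json.dumps(sorted(self.live))


def deletion_is_clean(collector_cls, records, victim):
    """True iff 'add all, then delete victim' leaves the same state as
    'never add victim'. This is the toy version of the deletion criterion."""
    real = collector_cls()
    for r in records:
        real.add(r)
    real.delete(victim)

    ideal = collector_cls()
    for r in records:
        if r != victim:
            ideal.add(r)
    return real.state() == ideal.state()


def state_is_order_independent(collector_cls, records):
    """True iff inserting the same records in two different orders yields the
    same state. Order dependence is a second leak: the ideal world is free to
    have received the surviving records in any order."""
    forward = collector_cls()
    for r in records:
        forward.add(r)
    backward = collector_cls()
    for r in reversed(records):
        backward.add(r)
    return forward.state() == backward.state()


if __name__ == "__main__":
    victim = SAMPLE_RECORDS[1]
    for cls in (NaiveCollector, CanonicalCollector):
        print(cls.__name__,
              "deletion clean:", deletion_is_clean(cls, SAMPLE_RECORDS, victim),
              "order independent:", state_is_order_independent(cls, SAMPLE_RECORDS))
```

The naive collector fails both checks: its log retains the tombstoned record and its running total differs between the two worlds, so any observer who can read the state tells them apart. The canonical collector passes both, which is the property history-independent data structures are designed to provide. A production check would compare what an observer can see (including backups, logs and derived statistics) rather than one in-memory object, but the two-world comparison is the same.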
