Privacy Preserving Data Mining: a Process Centric View from a European Perspective 1

Privacy Preserving Data Mining (PPDM) in a broad sense has been an area of research since 1991 2 both in the public and private 3 sector and has also been discussed at numerous workshops and international conferences 4. Currently the research is mainly directed towards development of technical methods, such as application of cryptography or the development of specialised algorithms to meet security and privacy requirements for different data mining methods, such as classification or categorisation. So far PPDM has found application in only a few cases. One example is documented in medical research to protect patients' privacy 5. In all cases when data mining is applied in the context of personal data, basic data and data mining results have to be collected, stored and processed in compliance with data protection legislation. This results in responsibilities for data controllers, technical operators and others involved in those business or governmental processes where data mining plays a role. In this article a brief overview of the state-of-the-art in PPDM and some current suggestions for proceeding towards standardisation in PPDM are summarised. This is followed by considerations of how PPDM could be improved based on the European Directive 95/46/EC, additionally taking into account procedural and process-related considerations. To illustrate these considerations, scoring practice in the financial sector is used as an example. Though this example certainly does not demonstrate all aspects possibly relevant in the area of data mining, it has been analysed from the perspective of recent data protection developments. In addition, with process chains containing providers for basic data, service providers for calculation of scoring values and banks using the mining results, the paper analyses the requirements that data controllers have to meet.