Home // Research // FSTC // Computer Sci... // Research Pro... // Reconciling the Uneasy Relationship between the Economics of Personal Data and Privacy

Reconciling the Uneasy Relationship between the Economics of Personal Data and Privacy

Funding: University of Luxembourg
Start Date: June 1, 2015
End Date: May 31, 2018

Description

Personal data is nowadays a common commodity in the web space, yet our understanding of cost–benefit trade-offs that individuals undertake when getting involved in digital transactions and disclosing personal data is far from complete. On the one hand, users benefit from personalisation of products and contributing to the societal good, but, on the other hand, might be locked into services and suffer from severe privacy risks, e.g. that data may be compromised once disclosed to a service provider. We focus on healthcare-related personal data and mainly consider two scenarios. One is public medical research, where personal data will be used by third-party organizations (e.g. by various medical labs) to conduct research, such as studying the trend of a disease. The other is medical recommender systems, where patients interact with each other and third-party professionals (e.g. doctors, and people from pharmaceutical and insurance companies) for a variety of purposes. These two scenarios only represent a small segment of the whole ecosystem, but they vividly illustrate the dilemma of utility and privacy of sensitive personal data.

In this project, we carry out interdisciplinary research to bridge the theory-practice gap in tackling the privacy issues associated with personal data. We (economists and information security researchers) will investigate the economic incentives behind users’ participation in the systems, and subsequently establish models for gains and costs in the two application scenarios. Then, we will apply the concept of mechanism design to our scenarios, and propose mechanisms for safeguarding users’ utility and privacy against rational attackers (e.g. legitimate participants in the systems). Finally, to complement the developed mechanisms, we will propose new cryptographic protocols to safeguard privacy against potential malicious and irrational attackers (e.g. outside attackers). The task of this project is essentially twofold: economic understanding and modelling, and realization of (rational) cryptographic protocols.

Members