Limiting data collection in application forms: A real-case application of a founding privacy principle
2012 Tenth Annual International Conference on Privacy, Security and Trust (2012)
Paris, France France
July 16, 2012 to July 18, 2012
Nicolas Anciaux , INRIA, Le Chesnay, France
Benjamin Nguyen , INRIA, Le Chesnay, France
Michalis Vazirgiannis , Athens U. of Economics & Business, Greece
Application forms are often used by companies and administrations to collect personal data about applicants and tailor services to their specific situation. For example, taxes rates, social care, or personal loans, are usually calibrated based on a set of personal data collected through application forms. In the eyes of privacy laws and directives, the set of personal data collected to achieve a service must be restricted to the minimum necessary. This reduces the impact of data breaches both in the interest of service providers and applicants. In this article, we study the problem of limiting data collection in those application forms, used to collect data and subsequently feed decision making processes. In practice, the set of data collected is far excessive because application forms are filled in without any means to know what data will really impact the decision. To overcome this problem, we propose a reverse approach, where the set of strictly required data items to fill in the application form can be computed on the user's side. We formalize the underlying NP Hard optimization problem, propose algorithms to compute a solution, and validate them with experiments. Our proposal leads to a significant reduction of the quantity of personal data filled in application forms while still reaching the same decision. Privacy principle; Limited collection; Automated form filling.
Approximation methods, Decision making, Approximation algorithms, Measurement, Data privacy, Optimization, Insurance
M. Vazirgiannis, B. Nguyen and N. Anciaux, "Limiting data collection in application forms: A real-case application of a founding privacy principle," 2012 Tenth Annual International Conference on Privacy, Security and Trust(PST), Paris, France France, 2012, pp. 59-66.