Chapter 9. ML Models and Privacy

Privacy is difficult to define and audit for. In the real world, organizations tend to opt for “good enough,” because as technology advances or as new data sets become available, data that was originally thought to be anonymized may no longer be anonymized. But taking reasonable privacy precautions with the technical tools available at a given point in time is clearly better than doing nothing. And in some cases, we already have technical tools that guarantee mathematically ensured degrees of privacy, and that’s even better because it provides a measure of future-proofing.

In addition to being a moving target because of evolving technical and mathematical knowledge, privacy is an evolving legal norm. For example, technical experts have pointed to the difficulties in fulfilling the requirements of emerging legal norms, such as the “right to be forgotten” in Europe that has been controlling law for some time and is now formalized in the GDPR. Several researchers have pointed out that technical implementations of the right to be forgotten may be different depending on what definition of that right and underlying motivation for that right are used to guide technical implementations.

Is the motivation for providing a right to be forgotten (more concretely, a right to data deletion), that all statements related to a given data set will be robust to a data point’s deletion? This is not entirely feasible, for example, if organizations have published aggregate ...