Assessing Privacy Risk of Temporal Purchasing Footprints
Privacy as a fundamental human right remains a challenge in our data-driven society. Legislators in developed countries did their best to enact laws to protect this right. The most well-established privacy law is the GDPR in the European Union. While the GDPR creates a detailed framework to define every aspect of interaction with data, there are still some gaps that remained. One of these gaps is the lack of numeric assessment methods to measure different risks that data subjects may face in a data breach situation. Based on Article 35 of the GDPR, EU companies are required to perform a Data Protection Impact Assessment (DPIA), but the law does not mention precisely how to do such assessments and does not provide any numeric methodologies. In this thesis work, we explain the details of this challenge and introduce different existing frameworks to overcome it. We get in details of the PRUDEnce, a framework to assess the re-identification risk in the background knowledge based attacks. The main contribution of this thesis is examining the PRUDEnce framework in the temporal purchasing footprints dataset of shopping baskets and proving the ability of the framework in providing a numeric risk assessment in such datasets. Our findings confirm the results of the main research paper and demonstrate how the risk changes numerically with the increment of the background knowledge of adversaries.