Anonymisation for Data Donations
Facilitate platform scrutiny through anonymised data contributions
Recommendation systems are gatekeepers of online content. Despite their huge influence, these systems are opaque and unaccountable. Thanks to user data donations (e.g. users sharing their personal recommendations), researchers are able to scrutinize algorithms from the outside, even in the absence of official APIs.
Because recommendations are personalised and thus can expose sensitive information, it is essential to guarantee the privacy of our data donors. The project will design and implement a private-by-design data donation infrastructure. With such a scheme, contributions do not have any form of user identification in the database. They are indexed by a cryptographic token, generated from a user-owned secret key. This ensures that there is no visible link between a contribution and a user, or between two contributions from the same user, even with full access to the database.
Users can re-generate the indexes of their contributions using their secret key, allowing them to retrieve or delete their data in part or in whole, as required by the GDPR. This project will not only be a major enabler for broader platform scrutiny, but also a reusable building block for other projects that need to collect sensitive data with strong privacy guarantees.
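As an added illustration, not the project's own code or design, one way the indexing scheme described above can be built: each contribution's token is an HMAC-SHA256 of a per-user contribution counter under the user's secret key, so the database holds only token-to-payload rows, the tokens are unlinkable without the key, and the user can recompute them later to retrieve or erase their rows. The HMAC construction, the counter and the in-memory store are assumptions; the page does not specify how the token is derived.

```python
import hmac
import hashlib
from typing import Dict, List, Optional


def derive_index(secret_key: bytes, counter: int) -> str:
    """Token for the user's counter-th contribution (assumed construction).

    HMAC-SHA256 keyed with the user's secret: without the key the output is
    indistinguishable from random, so two tokens from the same user cannot be
    linked, while anyone holding the key can recompute them on demand.
    """
    msg = b"donation-index|" + counter.to_bytes(8, "big")
    return hmac.new(secret_key, msg, hashlib.sha256).hexdigest()


class DonationStore:
    """Server side: rows keyed only by the token, with no user identifier."""

    def __init__(self) -> None:
        self._rows: Dict[str, bytes] = {}

    def store(self, index: str, payload: bytes) -> None:
        self._rows[index] = payload

    def fetch(self, index: str) -> Optional[bytes]:
        return self._rows.get(index)

    def delete(self, index: str) -> bool:
        return self._rows.pop(index, None) is not None

    def __len__(self) -> int:
        return len(self._rows)


def donate(store: DonationStore, secret_key: bytes, counter: int, payload: bytes) -> str:
    """Client side: derive the token, upload the contribution, return the token."""
    idx = derive_index(secret_key, counter)
    store.store(idx, payload)
    return idx


def retrieve_all(store: DonationStore, secret_key: bytes, count: int) -> List[Optional[bytes]]:
    """Client regenerates the tokens of its first `count` contributions (GDPR access)."""
    return [store.fetch(derive_index(secret_key, i)) for i in range(count)]


def delete_all(store: DonationStore, secret_key: bytes, count: int) -> int:
    """Client regenerates its tokens and deletes the rows (GDPR erasure); returns rows removed."""
    return sum(store.delete(derive_index(secret_key, i)) for i in range(count))
```

The only client-side state besides the key is the number of contributions made; a client that loses the count can recompute tokens for increasing counters and stop at the first one the store does not hold.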
- The project's own website: https://tracking.exposed/
This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.