Synthetic data and data protection laws
Abstract
While synthetic data has the potential to address privacy concerns associated with real-world data in many scenarios, ranging from health applications to machine learning, organisations must proceed carefully to ensure they do not inadvertently violate the General Data Protection Regulation or other data protection laws. The boundaries between the processing of personal and anonymised data are sometimes overlooked, creating potential risks for individuals' rights and freedoms. This paper starts from a definition of synthetic data and reviews some foreseeable use cases (also promoted by forthcoming sectoral legislation in the areas of artificial intelligence and data sharing). It then addresses the conditions set out in data protection laws (the EU General Data Protection Regulation in primis) for a set of data to be considered properly anonymised, as well as the phases of synthetic data generation and use where personal data might still be processed, and proposes some reflections towards genuine legal compliance.
The full article is available to subscribers to the journal.
Author's Biography
Giuseppe D'Acquisto is a senior technology adviser at the Italian Data Protection Authority and is the national delegate within the European Data Protection Board on technology matters. He is also a professor in artificial intelligence and in laws and algorithms in the Department of Law at LUISS University in Rome. He was the rapporteur of the Article 29 Working Party Opinion 05/2014 on ‘Anonymisation Techniques’. He holds a degree cum laude in electronic engineering and a PhD in computer science. His research interests revolve around privacy enhancing technologies, identification and anonymisation in data processing, fairness and causality of algorithmic decisions.