EDA: Towards Enforcing Data Privacy Regulations

Research Project, 2023 – 2027

To exploit the benefits of digital services, we are often obliged to share some of our personal data. The growing availability of large-scale personal data places the challenge of protecting privacy as a major one. The EU GDPR legislation created awareness of privacy issues and introduced regulatory constraints to protect citizens´ data. Privacy legislation is not exclusive to Europe; e.g., the California Consumer Privacy Act became effective in 2020 and is broadly similar to GDPR. Unfortunately, existing technical solutions to comply with GDPR constitute best-effort countermeasures, and they are limited in scope and do not provide any security or privacy guarantee.EDA will develop rigorously proven techniques to ensure that the propagation, storing, and disclosing of personal data are protected by a wide range of GDPR principles, namely purpose, the right to consent and withdrawal, transparency &  auditing, processing control, data portability, data minimization, and non-identifiable disclosure.EDA´s methodological novelty is to tackle many GDPR aspects with the same underlying approach: a novel fusion between language-based information-flow control and differential privacy. EDA will adopt functional programming languages as lingua franca and be mathematically proven to be immune to entire classes of attacks. EDA is a multifaceted research effort, promising scientific advancements in various fields of computer science.