Journal of Information Security Reserach ›› 2021, Vol. 7 ›› Issue (10): 896-.

Previous Articles     Next Articles

Anonymisation and Proposals under MPC Application Scenarios

  

  • Online:2021-10-09 Published:2021-10-09

多方计算特定应用场景的匿名化认定与建议

庄媛媛  靳晨1何昊青2   

  1. 1(华控清交信息科技(北京)有限公司 北京 100084)
    2(清华大学 五道口金融学院 北京 100084)

  • 通讯作者: 庄媛媛
  • 作者简介:庄媛媛,博士,研究方向为数据相关政策法律法规、数据安全与隐私保护、数据治理、隐私计算等。 zhuangyuanyuan@tsingj.com 靳晨,本科,研究方向为数据安全与隐私保护、数据治理、隐私计算、技术标准化等。 jinchen@tsingj.com 何昊青,博士,研究方向为图论、信息论、算法复杂性理论、隐私计算理论等。 hehaoqing@tsingj.com

Abstract: Demands for data in various industries have experienced rapid growth since data became key production factor. Data Security Law (taking effect on September 1, 2021) enhanced an increasing comprehensive legal framework for information and data security in the PRC. Due to its private and sensitive nature, personal information will receive more rigorous protection and regulations under the Personal Information Protection Law of China. While details differ, the Draft Personal Information Protection Law of China shares main concepts of anonymization and de identification with its EU parallels. Starting from the regulations of Europe and the United States, this paper provides insights into the gaps between concepts of anonymization of the two parties, then we evaluate the feasibility and worthiness of learning for both. This paper combines the relevant provisions of China with the data transaction scenario based on multi-party computing (MPC), and analyzes the possible problems in the application of the relevant provisions of anonymization and de identification. Finally, from the perspective of personal information protection and data circulation, this paper puts forward suggestions on anonymization and de identification and their relevant provisions.

Key words: anonymization, de-identification, pseudonymisation, multi-party computation, personal information protection, data circulation

摘要:

数据正在逐渐成为关键生产要素,各产业对数据的需求也随之不断增长。202191日即将实施的《数据安全法》,对国内信息和数据安全领域的普适性法律框架做了进一步完善。作为数据当中最为特殊的一部分,个人信息在《个人信息保护法》受到更加严格的保护。《个人信息保护法》中有关匿名化与去标识化的概念与欧盟相关规定类似,但亦有其不同之处。本文以欧美相关规定为起点,洞察欧美对匿名化相关概念的差异,评价其可操作性与值得借鉴之处。随后,本文将我国相关规定与基于多方计算(Multi-party Computation,MPC)的数据交易场景进行结合,分析目前匿名化与去标识化相关规定在适用上可能面临的问题。最后,从个人信息保护与数据流通的角度,对匿名化与去标识化及其相关规定提出建议。

关键词: 匿名化, 去标识化, 假名化, 多方计算, 个人信息保护, 数据流通