Strategic Data Access Management

“An employee may be attacked by a potentially sophisticated adversary whose goal is to steal all their data. Therefore, the firm trades off the efficiency benefit of the more permissive data access architecture with the adversarial risk it incurs. We characterize the firm’s optimal data access architecture and investigate how it depends both on the adversarial environment […]

The GDPR and Unstructured Data: Is Anonymization Possible?

“This article examines the two contrasting approaches for determining identifiability that are prevalent today: (i) the risk-based approach and (ii) the strict approach in the Article 29 Working Party’s Opinion on Anonymization Techniques (WP 216). Through two case studies, we illustrate the challenges encountered when trying to anonymize unstructured datasets. We show that, while the risk-based approach […]

Data Privacy, Human Rights, and Algorithmic Opacity

“… in a world where algorithmic opacity has become a strategic tool for firms to escape accountability, regulators in the EU, the US, and elsewhere should adopt a human-rights-based approach to impose a social transparency duty on firms deploying high-risk AI techniques.” Lire