[meetings] Agenda Request - (CPA?) Composable privacy-preserving architecture (#65)

rmirisola has just created a new issue for https://github.com/patcg/meetings:

== Agenda Request - (CPA?) Composable privacy-preserving architecture ==
## Agenda+: (CPA?) Composable privacy-preserving architecture to support more flexible x-platform use cases

We'd like to propose this group consider a scalable & practical approach to decentralized privacy-preserving architecture to support composition of methods across device platforms & data collection channels for various use cases.

Moreover, this approach would be compatible with existing privacy-centric industry initiatives (like WFA CMM r/f), and proposals previously raised in this forum like IPA.

This proposal assumes a few things:

1. A device platform is OK with allowing encrypted data to be sent from a device to a (set of) _trusted privacy-preserving processing networks_, which guarantee that privacy requirements are met before releasing _privacy-preserving_ results for a particular use case.

2. We want to solve for use cases where we need to combine data from multiple device platforms and channels, i.e. x-media and x-platform, as that has a lot of value for advertisers. This is a requirement for the WFA CMM r/f system, demanded by advertisers.

3. We want to do 1+2 while maximizing utility for the use cases. This generally means introducing (or having the ability to introduce) privacy-preserving mechanisms as late as possible in the data processing graph.

We propose that a result is _privacy-preserving_ if it (roughly) conforms to one of the following:

- It meets a certain privacy-preserving definition, TBD (e.g. differentially private with a certain budget policy). Note that who defines these criteria is out of scope, but we argue the architecture should be flexible enough to support many variations of this setup.

- Results are encrypted and can only be processed in further _trusted privacy-preserving processing networks_.

This allows compatibility and composition of secure/private operations, which would enable support for more advanced and comprehensive advertising use cases.

This means that there is an equivalence in privacy principles between the data that leaves the device and the data that leaves any further processing service, which in our opinion also allows for a more scalable and consistent architecture.

We can talk about the general architectural proposal and a specific example application for the purposes of x-media r/f measurement via the WFA CMM framework (including an overview of said framework).

### Links

Slides and supporting material are forthcoming.


Please view or discuss this issue at https://github.com/patcg/meetings/issues/65 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 23 June 2022 18:36:22 UTC
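The release rule in the agenda request above (a result leaves a processing network only if it is differentially private under a budget policy, or if it stays encrypted for another trusted processing network) is small enough to model end to end. The following is an added example written for this archive page; it is not code from the issue author, the PATCG group, or the WFA CMM framework. Everything in it is assumed for illustration: the two platforms' exposure flags are constructed sample data, `BudgetPolicy` models sequential composition by summing epsilon across released queries against one total, `TrustedNetwork` stands in for a processing network with a pre-shared symmetric key (key distribution is out of scope), and `seal_for`/`open_from` are a toy encrypt-then-MAC built from the standard library so the script runs offline; a deployment would use an established AEAD instead.

```python
import hashlib
import hmac
import math
import os
import random
from dataclasses import dataclass, field

# Constructed sample input (not from the issue): per-device exposure flags from two
# hypothetical device platforms; index = device, 1 = the device saw the campaign.
PLATFORM_A = [1, 0, 1, 1, 0, 1, 0, 0, 1, 1]
PLATFORM_B = [0, 1, 1, 0, 0, 1, 1, 0, 1, 0]


@dataclass
class BudgetPolicy:
    """Hypothetical per-use-case epsilon budget. Sequential composition is modelled by
    summing the epsilon of every released query against a single total."""
    total_epsilon: float
    spent: float = 0.0

    def charge(self, epsilon: float) -> None:
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.total_epsilon + 1e-12:
            raise PermissionError(
                f"budget exhausted: spent {self.spent}, requested {epsilon}, total {self.total_epsilon}")
        self.spent += epsilon


@dataclass
class TrustedNetwork:
    """Hypothetical trusted privacy-preserving processing network holding a symmetric key.
    A fresh random key stands in for whatever key exchange a real architecture would use."""
    name: str
    key: bytes = field(default_factory=lambda: os.urandom(32))


TRUSTED_REGISTRY = set()  # names of networks that an encrypted release may be addressed to


def seal_for(network, plaintext):
    """Toy encrypt-then-MAC: SHAKE256 keystream XOR + HMAC-SHA256 over nonce||ciphertext.
    Illustrative stand-in only; use an established AEAD (e.g. AES-GCM) in practice."""
    nonce = os.urandom(16)
    keystream = hashlib.shake_256(network.key + nonce).digest(len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream))
    tag = hmac.new(network.key, nonce + ciphertext, hashlib.sha256).digest()
    return {"recipient": network.name, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def open_from(network, sealed):
    """Reject data not addressed to this network, verify the tag, then decrypt."""
    if sealed["recipient"] != network.name:
        raise PermissionError("sealed for a different network")
    expected = hmac.new(network.key, sealed["nonce"] + sealed["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise ValueError("authentication tag mismatch")
    keystream = hashlib.shake_256(network.key + sealed["nonce"]).digest(len(sealed["ciphertext"]))
    return bytes(c ^ k for c, k in zip(sealed["ciphertext"], keystream))


def union_reach(*platforms):
    """Cross-platform intermediate: 1 if the device was reached on any platform."""
    return [int(any(flags)) for flags in zip(*platforms)]


def laplace_noise(scale, rng):
    """Laplace sample via inverse CDF (random.Random has no laplace())."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def release_dp_count(flags, epsilon, policy, rng):
    """Release path 1: a counting query (sensitivity 1) with Laplace noise of scale 1/epsilon.
    The budget is charged before the value is computed, so a refused query releases nothing."""
    policy.charge(epsilon)
    return {"kind": "dp", "epsilon": epsilon, "value": sum(flags) + laplace_noise(1.0 / epsilon, rng)}


def release_encrypted(flags, recipient):
    """Release path 2: a non-DP intermediate may leave only sealed for a registered trusted network."""
    if recipient.name not in TRUSTED_REGISTRY:
        raise PermissionError(f"{recipient.name} is not a registered trusted network")
    return {"kind": "encrypted", **seal_for(recipient, bytes(flags))}


def demo(seed=1):
    """Two-stage pipeline: stage 1 combines the platforms and hands the intermediate to stage 2
    encrypted; stage 2 releases DP reach counts until the shared budget is exhausted."""
    rng = random.Random(seed)
    stage1, stage2 = TrustedNetwork("stage-1"), TrustedNetwork("stage-2")
    TRUSTED_REGISTRY.update({stage1.name, stage2.name})
    policy = BudgetPolicy(total_epsilon=1.0)

    handoff = release_encrypted(union_reach(PLATFORM_A, PLATFORM_B), stage2)
    combined = list(open_from(stage2, handoff))
    first = release_dp_count(combined, 0.5, policy, rng)
    second = release_dp_count(combined, 0.5, policy, rng)
    try:
        release_dp_count(combined, 0.1, policy, rng)  # would exceed the 1.0 budget
        refused = False
    except PermissionError:
        refused = True
    return {"true_reach": sum(combined), "releases": [first["value"], second["value"]],
            "spent": policy.spent, "third_refused": refused}


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one the proposal argues for: the raw cross-platform union never has an unencrypted path out of stage 1, and stage 2's only cleartext path adds noise and debits a budget that all released queries share, so the same release rule applies at every hop of the processing graph.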