Privacy-Enhancing Technologies Under GDPR: Challenges and Solutions for AI
Abstract: As AI regulations evolve, companies operating in the European Union must ensure their AI services comply with the GDPR. Privacy-enhancing technologies (PETs), such as Secure Multi-Party Computation (MPC), have emerged as key solutions for enabling privacy-preserving data analytics while maintaining compliance. However, integrating PETs into real-world deployments presents both technical and legal challenges. This talk will explore the role of PETs under GDPR, focusing on how they support privacy-preserving applications, particularly in sensitive data analytics. Key regulatory considerations include data minimization, legal bases for processing, and cross-border data-sharing restrictions. We will also discuss Federated Learning (FL) as a privacy-aware approach and the practical challenges it introduces, including:
Aggregator-side attacks that can compromise privacy and model integrity.
Client-side vulnerabilities, such as inference and poisoning attacks.
Cross-border compliance hurdles, where differing national interpretations of GDPR create legal uncertainty.