TY - RPRT A1 - Rannenberg, Kai A1 - Pape, Sebastian A1 - Tronnier, Frédéric A1 - Löbner, Sascha T1 - Study on the technical evaluation of de-identification procedures for personal data in the automotive sector N2 - The aim of this study was to identify and evaluate different de-identification techniques that may be used in several mobility-related use cases. To do so, four use cases have been defined in accordance with a project partner that focused on the legal aspects of this project, as well as with the VDA/FAT working group. Each use case aims to create different legal and technical issues with regards to the data and information that are to be gathered, used and transferred in the specific scenario. Use cases should therefore differ in the type and frequency of data that is gathered as well as the level of privacy and the speed of computation that is needed for the data. Upon identifying use cases, a systematic literature review has been performed to identify suitable de-identification techniques to provide data privacy. Additionally, external databases have been considered as data that is expected to be anonymous might be reidentified through the combination of existing data with such external data. For each case, requirements and possible attack scenarios were created to illustrate where exactly privacy-related issues could occur and how exactly such issues could impact data subjects, data processors or data controllers. Suitable de-identification techniques should be able to withstand these attack scenarios. Based on a series of additional criteria, de-identification techniques are then analyzed for each use case. Possible solutions are then discussed individually in chapters 6.1 - 6.2. It is evident that no one-size-fits-all approach to protect privacy in the mobility domain exists. While all techniques that are analyzed in detail in this report, e.g., homomorphic encryption, differential privacy, secure multiparty computation and federated learning, are able to successfully protect user privacy in certain instances, their overall effectiveness differs depending on the specifics of each use case. KW - de-identification KW - automotive sector KW - requirements analysis KW - attack scenarios KW - comparison Y1 - 2021 UR - http://publikationen.ub.uni-frankfurt.de/frontdoor/index/index/docId/63413 UR - https://nbn-resolving.org/urn:nbn:de:hebis:30:3-634132 N1 - The authors are grateful to the Forschungsvereinigung Automobiltechnik e.V. (FAT e.V.) who funded this research. FAT e.V. is a department of the German Association of the Automotive Industry (German: Verband der Automobilindustrie e. V., VDA). We are in particular grateful to FAT’s working group “AK 31 Elektronik und Software” who not only initiated this research but also contributed to this report by providing input and feedback in various meetings. IS - May 14, 2021 PB - Universitätsbibliothek Johann Christian Senckenberg CY - Frankfurt am Main ER -