A Privacy Risk Assessment Model for Open Data

  • Amr Ali-Eldin
  • Anneke Zuiderwijk
  • Marijn Janssen
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 309)


While the sharing of information has turned into a typical practice for governments and organizations, numerous datasets are as yet not openly published since they may violate users’ privacy. The hazard on data protection infringement is a factor that regularly hinders the distribution of information and results in a push back from governments and organizations. Moreover, even published information, which may appear safe, can disregard client security because of the uncovering of users’ personalities. This paper proposes a privacy risk assessment model for open data structures to break down and diminish the dangers related with the opening of data. The key components are privacy attributes of open data reflecting privacy risks versus benefits exchanges-off related with the utilization situations of the information to be open. Further, these attributes are assessed using a decision engine into a privacy risk indicator value and a privacy risk mitigation measure. Privacy risk indicator expresses the anticipated estimation of data protection dangers related with opening such information and privacy risk mitigation measure expresses the estimations that should be connected on the information to evade the expected security risks. The model is exemplified through five genuine scenarios concerning open datasets.


Open data Privacy risks Personally identifiable information (PII) Data mining Scoring systems 


  1. 1.
    Janssen, M., van den Hoven, J.: Big and Open Linked Data (BOLD) in government: a challenge to transparency and privacy? Gov. Inf. Q. 32(4), 363–368 (2015)CrossRefGoogle Scholar
  2. 2.
    European Parliament and the Council of the European Union: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995)Google Scholar
  3. 3.
    European_Commission: Communication from the commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. Towards better access to scientific information: Boosting the benefits of public investments in research (2012). Accessed 6 Oct 2013Google Scholar
  4. 4.
    OECD: OECD recommendation of the council for enhanced access and more effective use of on Public Sector Information (2008). Accessed 8 Nov 2011
  5. 5.
    ISO/IEC-29100: INTERNATIONAL STANDARD ISO/IEC Information technology - Security techniques - Privacy framework (2011)Google Scholar
  6. 6.
    Kroener, I., Wright, D.: A strategy for operationalizing privacy by design. Inf. Soc. 30(5), 355–365 (2014)CrossRefGoogle Scholar
  7. 7.
    ISACA AICPA/CICA: Privacy Maturity Model (2011)Google Scholar
  8. 8.
    Revoredo, M., et al.: A privacy maturity model for cloud storage services. In: Proceedings of the 7th International Conference on Cloud Computing (2014)Google Scholar
  9. 9.
    Wright, D.: The state of the art in privacy impact assessment. Comput. Law Secur. Rev. 28(1), 54–61 (2012)CrossRefGoogle Scholar
  10. 10.
    Blackmer, W.S.: GDPR: getting ready for the new EU general data protection regulation. In: Information Law Group (2016)Google Scholar
  11. 11.
    James, T.L., Warkentin, M., Collignon, S.E.: A dual privacy decision model for online social networks. Inf. Manag. 52, 893–908 (2015)CrossRefGoogle Scholar
  12. 12.
    Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 111–125 (2008)Google Scholar
  13. 13.
    Zuiderwijk, A., Janssen, M.: Towards decision support for disclosing data: closed or open data? Inf. Polit. 20(2), 103–117 (2015)CrossRefGoogle Scholar
  14. 14.
    Xu, L., et al.: Information security in big data: privacy and data mining. IEEE Access 2, 1149–1176 (2014)CrossRefGoogle Scholar
  15. 15.
    Randall, S.M., et al.: Privacy-preserving record linkage on large real world datasets. J. Biomed. Inform. 50, 205–212 (2014)CrossRefGoogle Scholar
  16. 16.
    Eldin, A., Wagenaar, R.: Towards autonomous user privacy control. Int. J. Inf. Sec. Priv. 1(4), 24–46 (2007)CrossRefGoogle Scholar
  17. 17.
    Jones, J.A.: An Introduction to Factor Analysis of Information Risk (Fair) (2005). Accessed 13 Dec 2016
  18. 18.
    Ali-Eldin, A., Wagenaar, R.: A fuzzy logic based approach to support users self control of their private contextual data retrieval, In: European Conference on Information Systems (ECIS). Association for Information Systems (AISeL), Turku (2004)Google Scholar
  19. 19.
    Ali-Eldin, A., van den Berg, J., Ali, H.: A risk evaluation approach for authorization decisions in social pervasive applications. Computer and Electrical Engineering 55, 59–72 (2016)CrossRefGoogle Scholar
  20. 20.
    Government_of_the_Netherlands: Risk of an attack (threat level). Accessed 28 Jan 2018
  21. 21.
    Anonymizer. Accesed 1 Mar 2017
  22. 22.
    ARX: Data Anonymization Tool. Accessed 1 Mar 2017
  23. 23.
    Camouflage’s-CX-Mask: Accessed 1 Mar 2017
  24. 24.
    Fung, B.C., et al.: Privacy preserving data publishing: a survey of recent developments. ACM Comput. Surv. 42(4) (2010)Google Scholar
  25. 25.
    Shi, P., Xiong, L., Fung, B.: Anonymizing data with quasi-sensitive attribute value. In: Proceedings of the 19th ACM International Conference (2010)Google Scholar
  26. 26.
    Motwani, R., Xu, Y.: Efficient algorithms for masking and finding quasi-identifiers (PDF). In: Proceedings of the Conference on Very Large Data Bases (VLDB) (2007)Google Scholar
  27. 27.
    Shadish, W.R., Cook, T.D., Campbell, D.T.: Experimental and Quasi-Experimental Designs for Generalized Causal Inference. Houghton-Mifflin, Boston (2002)Google Scholar
  28. 28.
    Nessus: Nessus Vulnerability Scanner. Accessed 1 Mar 2017
  29. 29.
    Ali-Eldin, A.M.T., Hafez, E.A.: Towards a universal architecture for disease data models sharing and evaluation. In: 2017 International Symposium on Networks, Computers and Communications (ISNCC) (2017)Google Scholar
  30. 30.
    Josuttis, N.M.: SOA in Practice: The Art of Distributed System Design. O’Reilly, Sebastopol (2007)Google Scholar
  31. 31.
    Ali-Eldin, A.M.T.: Towards a shared public electronic services framework. Int. J. Comput. Appl. 93(14), 48–52 (2014)Google Scholar
  32. 32.
    Abeysinghe, S.: Restful PHP Web Services. PACKT Publishing, Birmingham (2008)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Amr Ali-Eldin
    • 1
    • 2
  • Anneke Zuiderwijk
    • 3
  • Marijn Janssen
    • 3
  1. 1.Leiden Institute of Advanced Computer ScienceLeiden UniversityLeidenThe Netherlands
  2. 2.Computer and Control Systems Department, Faculty of EngineeringMansoura UniversityMansouraEgypt
  3. 3.Faculty of Technology, Policy and ManagementDelft University of TechnologyDelftThe Netherlands

Personalised recommendations