Properties of Effective Information Anonymity Regulations

A firm seeks to analyze a dataset and to release the results. The dataset contains information about individual people, and the firm is subject to some regulation that forbids the release of the dataset itself. The regulation also imposes conditions on the release of the results. What properties should the regulation satisfy? We restrict our attention to regulations tailored to controlling the downstream effects of the release specifically on the individuals to whom the data relate. A particular example of interest is an anonymization rule, where a data protection regulation limiting the disclosure of personally identifiable information does not restrict the distribution of data that has been sufficiently anonymized. In this paper, we develop a set of technical requirements for anonymization rules and related regulations. The requirements are derived by situating within a simple abstract model of data processing a set of guiding general principles put forth in prior work. We describe an approach to evaluating such regulations using these requirements -- thus enabling the application of the general principles for the design of mechanisms. As an exemplar, we evaluate competing interpretations of regulatory requirements from the EU's General Data Protection Regulation.