LinkedIn Engineers Say Deidentification Project Didn't Sacrifice Service
SANTA CLARA, Calif. -- LinkedIn recently completed a project to deidentify advertising activity data to ensure user information is protected while still allowing data processing to generate valuable analytics for advertisers, engineers from the Microsoft-owned social network said Monday at the USENIX Privacy Engineering Practice and Respect (PEPR) conference.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
“Obviously, our entire ad stack relies on a member's activity to be able to serve relevant content and deliver value as well to advertisers,” said Chris Harris, LinkedIn senior staff engineer. "But at the same time, we have privacy regulations,” platform restrictions and increasing member expectations, he said.
“That means we have a responsibility, both to our members and to our business, to do our best when it comes to protecting privacy. And that's why we've fundamentally invested in rebuilding our systems with privacy [by] design at the core.”
LinkedIn’s main challenge, added Harris, was “finding the right balance between keeping user data private [and] secure and still enabling the business to deliver value for our advertisers.” For the deidentification projection, the company made rules for itself that there would be no reidentification risk and no degradation of the user experience or system performance, he said.
It used privatization techniques, including masking, differential privacy and cryptographic transformations, said Saikrishna Badrinarayanan, a staff privacy engineer at LinkedIn. The project resulted in the company enhancing user data protection and reducing retention periods for personally identifiable information (PII), while maintaining strong service for customers with no negative impact on business, said Badrinarayanan.
It's important for LinkedIn to limit how long it holds PII, said Harris. “The longer you keep data, you’re not really respecting data-minimization guidelines that you can tell users or that governments are asking you to deploy.” In addition, storing so much data is expensive, especially for a company as big as LinkedIn, he said.