Formalizing the right to be forgotten: law meets crypto

Back to the list of Speakers and Sessions
Watch the stream
How does the "right to be forgotten" translate into operational requirements? Regulations list requirements, but natural language is ambiguous. We explore how cryptography can help in this regard.

The “right to be forgotten” is a concept that confers individuals more control over their digital data. This right has been codified as regulations or case law in a few famous examples. However, laws are by their very nature vague and open to interpretation. To address this ambiguity, researchers began to frame privacy laws in the formal language of cryptography to facilitate compliance. In this talk, we will review recent results in this young line of research. We will introduce the concept of deletion-compliance of Garg, Goldwasser and Vasudevan (Eurocrypt 2020). We will highlight some issues with this concept that were later addressed by Godin & Lamontagne (PST 2022) and independently by Gao, Garg, Mahmoody & Vasudevan (PETS 2022) using a different approach. We will highlight some of the difficulties that arise when formalizing broadly-defined notions of privacy.

Philippe Lamontagne Research Officer, National Research Council Canada

Philippe Lamontagne is a research officer in the cyber security team of the National Research Council. He received his PhD from Université de Montréal in 2018. His areas of expertise are cryptography and quantum information. He studies the use of quantum information for cryptographic tasks from lesser assumptions and the provable security of cryptographic protocols against quantum adversaries. He also has interest in the security of classical cryptography against quantum adversaries, also known as post-quantum cryptography, and in cryptographic solutions to privacy.