Formalizing the right to be forgotten: law meets crypto

Back to the list of Speakers and Sessions
Watch the stream
How does the "right to be forgotten" translate into operational requirements? Regulations list requirements, but natural language is ambiguous. We explore how cryptography can help in this regard.

The “right to be forgotten” is a concept that confers individuals more control over their digital data. This right has been codified as regulations or case law in a few famous examples. However, laws are by their very nature vague and open to interpretation. To address this ambiguity, researchers began to frame privacy laws in the formal language of cryptography to facilitate compliance. In this talk, we will review recent results in this young line of research. We will introduce the concept of deletion-compliance of Garg, Goldwasser and Vasudevan (Eurocrypt 2020). We will highlight some issues with this concept that were later addressed by Godin & Lamontagne (PST 2022) and independently by Gao, Garg, Mahmoody & Vasudevan (PETS 2022) using a different approach. We will highlight some of the difficulties that arise when formalizing broadly-defined notions of privacy.