Formal modelling of (de)pseudonymisation : a case study in health care privacy

M.G. Veeningen, B.M.M. Weger, de, N. Zannone

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

4 Citations (Scopus)
2 Downloads (Pure)


In recent years, a number of infrastructures have been proposed for the collection and distribution of medical data for research purposes. The design of such infrastructures is challenging: on the one hand, they should link patient data collected from different hospitals; on the other hand, they can only use anonymised data because of privacy regulations. In addition, they should allow data depseudonymisation in case research results provide information relevant for patients’ health. The privacy analysis of such infrastructures can be seen as a problem of data minimisation. In this work, we introduce coalition graphs, a graphical representation of knowledge of personal information to study data minimisation. We show how this representation allows identification of privacy issues in existing infrastructures. To validate our approach, we use coalition graphs to formally analyse data minimisation in two (de)-pseudonymisation infrastructures proposed by the Parelsnoer initiative.
Original languageEnglish
Title of host publicationSecurity and Trust Management (8th International Workshop, STM 2012, Pisa, Italy, September 13-14, 2012. Revised selected papers)
EditorsA. Jøsang, P. Samarati, M. Petrocchi
Place of PublicationBerlin
ISBN (Print)978-3-642-38003-7
Publication statusPublished - 2013
Eventconference; 8th International Workshop on Security and Trust Management; 2012-09-13; 2012-09-14 -
Duration: 13 Sep 201214 Sep 2012

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743


Conferenceconference; 8th International Workshop on Security and Trust Management; 2012-09-13; 2012-09-14
Other8th International Workshop on Security and Trust Management


Dive into the research topics of 'Formal modelling of (de)pseudonymisation : a case study in health care privacy'. Together they form a unique fingerprint.

Cite this