Privacy-Preserving AI and Dynamic Personal Data Protection: Bridging Techni

Speaker: Prof. Dr. Sang-Soo Yeo

Affiliation: Department of Computer Engineering, Mokwon University, Daejeon, South Korea

Chair: Seungmin Rho

The convergence of artificial intelligence technologies and ubiquitous data collection has precipitated unprecedented privacy challenges that demand innovative technical solutions aligned with evolving regulatory frameworks. This presentation examines the critical intersection of privacy-preserving AI technologies and dynamic personal data protection mechanisms, synthesizing recent advances (2024-2025) in technical methodologies with practical implementation strategies that achieve compliance with the European Union's General Data Protection Regulation (GDPR), Korea's Personal Information Protection Act (PIPA), and emerging international standards. As AI systems become increasingly integrated into everyday applications—from intelligent home care and autonomous vehicles to personalized healthcare and financial services—the imperative to safeguard individual privacy while enabling beneficial data utilization has never more urgent.

Contemporary AI and Internet of Things (IoT) systems present novel privacy challenges that transcend traditional data protection paradigms. Machine learning models require extensive training data that often contains sensitive personal information, creating tension between model performance and privacy preservation. Inference attacks enable adversaries to extract training data from deployed models or infer sensitive attributes about individuals from model outputs. The distributed nature of IoT ecosystems multiplies privacy risks as data flows across heterogeneous devices, edge servers, and cloud platforms, each representing potential compromise points. The opacity of deep learning architectures complicates accountability and the exercise of data subject rights guaranteed by privacy regulations.

Recent regulatory developments have established stringent requirements for personal data processing and AI system deployment. GDPR's Article 17 (right to erasure), Article 21 (right to object), and Article 37 (processing suspension) empower individuals with substantial control over their personal data. PIPA's recent amendments strengthen similar protections in the Korean context, requiring organizations to implement mechanisms enabling data subjects to exercise their rights expeditiously—the law mandates "without delay" compliance with processing suspension requests. The EU's AI Act introduces additional obligations specific to high-risk AI applications, including requirements for transparency, human oversight, accuracy, and cybersecurity. These regulations collectively establish a demanding compliance landscape that necessitates sophisticated technical infrastructure.

This presentation introduces comprehensive frameworks for dynamic personal data consent management that enable real-time compliance with data subject rights while maintaining operational continuity of AI systems. Traditional consent management approaches rely on static configurations established at data collection time, creating friction when individuals subsequently wish to modify their preferences or exercise withdrawal rights. Dynamic consent management systems implement continuous monitoring of user preferences through intelligent privacy agents that can automatically enforce processing restrictions, selective data deletion, or purpose limitation in response to user directives without requiring manual intervention or system downtime.

The architecture encompasses three primary components operating in client-server and standalone deployment modes. Privacy agents interface directly with data subjects through intuitive dashboards that present granular control over specific data categories, processing purposes, and recipient organizations. Backend enforcement mechanisms implement technical measures—database triggers, access control modifications, encryption key rotation—that instantiate consent decisions across distributed data stores and processing pipelines. Audit logging and compliance verification modules maintain immutable records demonstrating regulatory compliance and enabling automated reporting to supervisory authorities. Machine learning algorithms analyze historical consent patterns to predict user preferences and proactively suggest privacy-protective configurations, reducing cognitive burden on data subjects while enhancing protection.

Privacy-preserving machine learning techniques enable AI model development and deployment while minimizing exposure of sensitive training data. Federated learning distributes model training across edge devices or institutional data silos, transmitting only encrypted model updates to central aggregators rather than raw data. Recent advances in local federated learning (LF3PFL) partition individual datasets into subsets and perform local aggregation before communicating with global servers, adding additional privacy protection layers. Differential privacy mechanisms inject carefully calibrated noise into model gradients or outputs, providing mathematical guarantees that individual data records cannot be distinguished from model behavior. Homomorphic encryption enables computation on encrypted data without decryption, allowing cloud-based model inference while maintaining end-to-end data confidentiality.

Secure multi-party computation protocols enable collaborative AI applications where multiple organizations jointly train models on combined datasets without any party accessing others' raw data. These cryptographic techniques have evolved from theoretical constructs to practical implementations supporting real-world applications. In healthcare, hospitals can collaboratively develop diagnostic models leveraging combined patient populations while maintaining patient confidentiality and HIPAA compliance. Financial institutions can detect fraud patterns across industry datasets without sharing proprietary transaction details. Recent protocol optimizations reduce computational overhead to levels compatible with production deployment, achieving training times within factors of two to five compared to conventional centralized approaches.

The presentation examines case studies demonstrating successful implementation of privacy-preserving AI in high-stakes domains. An intelligent surveillance system for smart cities employs on-device object detection with differential privacy, enabling public safety monitoring while preventing identification of specific individuals—a critical balance between security and civil liberties. A personalized healthcare recommendation platform implements federated learning across hospital networks, improving treatment protocols based on multi-institutional evidence while maintaining patient privacy and regulatory compliance across jurisdictions. A financial fraud detection consortium leverages secure multi-party computation to identify sophisticated attack patterns that span multiple institutions without compromising competitive confidentiality.

Emerging challenges require continued innovation at the intersection of privacy and AI. The rise of large language models and foundation models trained on internet-scale datasets intensifies concerns about inadvertent memorization and exposure of training data—recent research demonstrates successful extraction of verbatim training examples from production models. Adversarial privacy attacks continue to evolve, including model inversion attacks that reconstruct training inputs from model parameters and membership inference attacks that determine whether specific individuals were included in training datasets. Cross-border data transfers complicate compliance when AI systems operate globally across heterogeneous regulatory regimes with conflicting requirements.

The presentation proposes research directions addressing these challenges. Privacy-preserving synthetic data generation creates statistically representative datasets that preserve aggregate patterns while eliminating individual-level identifiability, enabling broader data sharing for AI development while mitigating privacy risks. Unlearning mechanisms enable selective removal of specific data subjects' information from trained models in response to deletion requests, technically implementing the "right to be forgotten" for machine learning systems. Privacy-aware neural architecture search optimizes model structures jointly for accuracy and privacy metrics, discovering architectures that naturally resist privacy attacks. Blockchain-based audit trails create tamper-evident records of data processing activities and consent modifications, enhancing accountability and facilitating regulatory compliance verification.

Practical implementation guidance addresses organizational strategies for deploying privacy-preserving AI systems. Privacy-by-design methodologies integrate privacy considerations throughout the AI development lifecycle rather than retrofitting protections to completed systems. Impact assessments systematically identify privacy risks in AI applications and evaluate mitigation strategies before deployment. Training programs ensure that data scientists, engineers, and business stakeholders understand privacy requirements and technical implementation options. Governance frameworks establish clear accountability, risk ownership, and escalation procedures for privacy incidents.

International harmonization efforts seek to align divergent regulatory frameworks and facilitate responsible AI innovation. The OECD AI Principles, UNESCO Recommendation on the Ethics of AI, and ISO/IEC standards development provide foundations for global convergence. The APEC Cross-Border Privacy Rules system enables certified organizations to transfer data across participating economies while maintaining agreed privacy protections. Korea's Personal Information Protection Commission actively participates in international fora including the Global Privacy Assembly, contributing Korean perspectives to emerging global standards.

This comprehensive examination of privacy-preserving AI and dynamic personal data protection equips attendees with deep understanding of both technical capabilities and regulatory requirements, practical frameworks for implementing compliant AI systems, and strategic insights for navigating the complex landscape where innovation, privacy, and regulation intersect. As AI becomes increasingly pervasive, the approaches surveyed in this presentation will prove essential for organizations seeking to harness AI's transformative potential while respecting fundamental privacy rights and maintaining public trust.