Title Privacy protection-type data providing system
Abstract An information providing apparatus collects data including personal information and distributes it to user terminals. It applies anonymization processing to the data that each individual (the owner of the personal information) has allowed to be used, converting it, with each of multiple parameters, into data from which the individual cannot be identified, and thus generates multiple anonymized data sets that protect the individual's privacy. Because each anonymized data set is produced with a different parameter, each carries a different amount of information. When a request is received from a user terminal, the anonymized data that can be provided to that user is selected from among the generated anonymized data sets on the basis of the reliability of the user who operates the terminal.
Publication number US9317716(B2) Publication date 2016.04.19
Application number US201414283366 Filing date 2014.05.21
Applicant HITACHI, LTD. Inventors Oikawa Michio; Sato Yoshinori; Fujiwara Keisei; Harada Kunihiko; Yokohari Yumiko; Nakae Tatsuya
Classification G06F21/00; G06F21/62; G06F19/00 Main classification G06F21/00
Agency Mattingly & Malur, P.C. Attorney Mattingly & Malur, P.C.
Independent claim 1. An information providing apparatus connected to a plurality of first user terminals and a plurality of second user terminals, wherein the information providing apparatus is configured to apply anonymization processing, wherein the anonymization processing is k-anonymization processing, which is processing for converting data including personal information so that an individual is not identified, wherein the data including the personal information is collected from the plurality of first user terminals, and the information providing apparatus is configured to distribute anonymized data generated as a result of application of the anonymization processing to a respective one of the second user terminals in response to a request from the respective second user terminal, the information providing apparatus comprising:
  a storage unit configured to store:
    the data including the personal information;
    first information specifying, for each piece of data of an individual who is an owner of the personal information, a parameter, of a plurality of parameters, of the anonymized data that is allowed to be provided;
    second information specifying the personal information to which the anonymization processing is applied;
    third information specifying a level of reliability for each user associated with each respective second user terminal that receives the provided anonymized data;
    fourth information specifying a respective parameter, of the plurality of parameters, of the anonymized data which the user having the level of reliability can receive in accordance with the level of reliability; and
  a processing unit configured to:
    extract a portion of data that is allowed to be provided from among the data including the personal information for each of the plurality of parameters based on the first information;
    identify the personal information to which the anonymization processing is applied from among the personal information of the extracted portion of data based on the second information;
    execute the anonymization processing on the identified personal information with each of the plurality of parameters, thus generating a plurality of anonymized data portions, wherein the anonymized data portions have varying amounts of information;
    identify the level of reliability of the respective user of the second user terminal based on the third information in response to the request from the second user terminal; and
    identify one of the anonymized data portions to distribute to the respective second user terminal from among the plurality of anonymized data portions based on the fourth information and the level of reliability identified for the respective user.
Address Tokyo JP
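The following is an added worked example, not code from the patent or from Hitachi, that implements the pipeline of claim 1 end to end: the first through fourth information are modelled as small tables, one k-anonymized copy is built per parameter k, and a request is served with the copy matching the requester's reliability level. The records, the k values (2 and 4), the consent table, the reliability levels, the level-to-k mapping and the generalization hierarchy for the quasi-identifiers are all assumptions chosen for illustration; the patent specifies none of them.

```python
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample "data including personal information" as collected from
# the first user terminals: nine fictitious records. "id" is a direct
# identifier and is never released.
RECORDS: List[Dict] = [
    {"id": 1, "zip": "10023", "age": 34, "diag": "asthma"},
    {"id": 2, "zip": "10024", "age": 37, "diag": "flu"},
    {"id": 3, "zip": "10028", "age": 31, "diag": "flu"},
    {"id": 4, "zip": "10044", "age": 52, "diag": "diabetes"},
    {"id": 5, "zip": "10045", "age": 58, "diag": "asthma"},
    {"id": 6, "zip": "10047", "age": 55, "diag": "flu"},
    {"id": 7, "zip": "10061", "age": 43, "diag": "diabetes"},
    {"id": 8, "zip": "10062", "age": 46, "diag": "asthma"},
    {"id": 9, "zip": "10031", "age": 29, "diag": "flu"},
]

# The "plurality of parameters": one anonymized copy is built per k (assumed values).
PARAMETERS: Tuple[int, ...] = (2, 4)

# First information: for each individual, the smallest k at which the record may
# be released (a record allowed at k=2 is also allowed at k=4); None means the
# owner has not consented to any release.
CONSENT: Dict[int, Optional[int]] = {1: 2, 2: 2, 3: 4, 4: 2, 5: 2, 6: 2, 7: 4, 8: None, 9: 4}

# Second information: the quasi-identifier fields that anonymization generalizes.
QUASI_IDS = ("zip", "age")

# Third information: reliability level of each user of a second user terminal.
RELIABILITY: Dict[str, int] = {"hospital-a": 3, "researcher-b": 2, "ad-broker-c": 1}

# Fourth information: the parameter a user of a given reliability level may
# receive. Level 1 maps to nothing, so such users are refused.
K_FOR_LEVEL: Dict[int, int] = {3: 2, 2: 4}


def generalize(field: str, value, level: int) -> str:
    """Assumed generalization hierarchy: level 0 = exact value, level 3 = suppressed."""
    if field == "zip":
        keep = {0: 5, 1: 4, 2: 3, 3: 0}[level]
        return value[:keep] + "*" * (5 - keep)
    if field == "age":
        if level == 0:
            return str(value)
        if level == 3:
            return "*"
        width = 10 if level == 1 else 20
        lo = value - value % width
        return f"{lo}-{lo + width - 1}"
    raise ValueError(f"no hierarchy for {field}")


def is_k_anonymous(rows: List[Dict], k: int, quasi_ids=QUASI_IDS) -> bool:
    """True when every equivalence class over the quasi-identifiers has at least k rows."""
    if not rows:
        return False
    classes = Counter(tuple(r[f] for f in quasi_ids) for r in rows)
    return min(classes.values()) >= k


def extract_allowed(records: List[Dict], consent, k: int) -> List[Dict]:
    """Step 1 (first information): keep only records whose owner allows release at k."""
    return [r for r in records if consent.get(r["id"]) is not None and consent[r["id"]] <= k]


def anonymize(records: List[Dict], k: int, quasi_ids=QUASI_IDS):
    """Step 2 (second information): generalize the quasi-identifiers just enough
    to reach k-anonymity. Returns (generalization level, rows); a lower level
    means the copy retains more information."""
    for level in range(4):
        rows = [
            {**{f: v for f, v in r.items() if f != "id" and f not in quasi_ids},
             **{f: generalize(f, r[f], level) for f in quasi_ids}}
            for r in records
        ]
        if is_k_anonymous(rows, k, quasi_ids):
            return level, rows
    return None, []  # only when no record at all was allowed at this k


def build_copies(records=RECORDS, consent=CONSENT, parameters=PARAMETERS) -> Dict[int, Dict]:
    """Build one anonymized copy per parameter, as the claim's processing unit does."""
    copies = {}
    for k in parameters:
        level, rows = anonymize(extract_allowed(records, consent, k), k)
        copies[k] = {"level": level, "rows": rows}
    return copies


def provide(user: str, copies: Dict[int, Dict], reliability=RELIABILITY, k_for_level=K_FOR_LEVEL):
    """Step 3 (third and fourth information): on a request, select the copy that
    matches the requester's reliability. Returns (k, rows), or None when the
    user is unknown or the level maps to no parameter; callers must treat None
    as a refusal, never as an empty data set."""
    level = reliability.get(user)
    if level is None:
        return None
    k = k_for_level.get(level)
    if k is None or k not in copies:
        return None
    return k, copies[k]["rows"]


if __name__ == "__main__":
    copies = build_copies()
    for k, copy in copies.items():
        print(f"k={k}: generalization level {copy['level']}, {len(copy['rows'])} rows")
    for user in RELIABILITY:
        result = provide(user, copies)
        print(user, "->", "refused" if result is None else f"k={result[0]} copy")
```

With these inputs the k=2 copy generalizes zip to four digits and age to ten-year bands (five rows, from the owners who allowed k=2), while the k=4 copy must go one level further (three-digit zip, twenty-year bands) over eight rows, which is the claim's "varying amounts of information". Two caveats a deployment would need that the toy omits: the consent, reliability and level-to-k tables are the access-control boundary and must be authenticated and tamper-evident, and handing different k copies of overlapping records to different users lets colluding recipients intersect them, so a real system should audit which copies each requester has already received.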