In modern information systems different information features, about the same individual, are often collected and managed by autonomous data collection services that may have different privacy policies. Answering many end-users’ legitimate queries requires the integration of data from multiple such services. However, data integration is often hindered by the lack of a trusted entity, often called a mediator, with which the services can share their data and delegate the enforcement of their privacy policies. In this article, we propose a flexible privacy-preserving data integration approach for answering data integration queries without the need for a trusted mediator. In our approach, services are allowed to enforce their privacy policies locally. The mediator is considered to be untrusted, and only has access to encrypted information to allow it to link data subjects across the different services. Services, by virtue of a new privacy requirement, dubbed $k$k-Protection, limiting privacy leaks, cannot infer information about the data held by each other. End-users, in turn, have access to privacy-sanitized data only. We evaluated our approach using an example and a real dataset from the healthcare application domain. The results are promising from both the privacy preservation and the performance perspectives.

中文翻译：

---

数据服务组合中的隐私

在现代信息系统中，关于同一个人的不同信息特征通常由可能具有不同隐私政策的自主数据收集服务收集和管理。回答许多最终用户的合法查询需要集成来自多个此类服务的数据。然而，数据集成往往因缺乏可信实体而受到阻碍，通常称为调解人，服务可以与其共享数据并委托执行其隐私政策。在本文中，我们提出了一种灵活的隐私保护数据集成方法，用于在不需要可信中介的情况下回答数据集成查询。在我们的方法中，允许服务在本地执行其隐私政策。中介被认为是不受信任的，只能访问加密信息以允许它跨不同服务链接数据主体。服务，凭借新的隐私要求，被称为$千$克-保护，限制隐私泄露，无法推断彼此持有的数据的信息。反过来，最终用户只能访问经过隐私处理的数据。我们使用来自医疗保健应用领域的示例和真实数据集评估了我们的方法。从隐私保护和性能角度来看，结果都是有希望的。