Adaptive AI architecture for implementing privacy-by-design in accordance with GDPR

Authors

DOI:

https://doi.org/10.20535/2411-1031.2025.13.2.344715

Keywords:

artificial intelligence, GDPR, privacy-by-design, federated learning, differential privacy, homomorphic encryption, adaptive architecture, privacy-enhancing technologies

Abstract

This article addresses one of the key challenges in modern intelligent systems engineering: the practical implementation of the Privacy-by-Design principle, enshrined in the General Data Protection Regulation (GDPR), within artificial intelligence architectures. Existing approaches, such as federated learning, differential privacy, and homomorphic encryption, while effective tools, create a rigid trade-off between the level of personal data protection, model utility (accuracy), and computational efficiency when applied statically. Such a unified “one-size-fits-all” approach is inefficient, as it leads to either excessive protection of non-sensitive data, which unjustifiably degrades performance, or insufficient protection for the most vulnerable categories of information. The objective of this research is to develop a conceptual framework for a novel artificial intelligence architecture that resolves this issue through dynamic, risk-oriented management of privacy mechanisms. The result of this study is a proposed adaptive hybrid architecture. The scientific novelty of this work lies in shifting from a static model of applying Privacy-Enhancing Technologies (PETs) to a flexible, multi-layered system. This system classifies data and model components in real-time based on their sensitivity level and associated risks. Depending on the risk level, the architecture dynamically applies an optimal set of protection tools: from basic federated learning with light differential privacy guarantees for low-risk data to the application of homomorphic encryption for the most critical computations. At the core of the architecture is an optimization model that aims to maximize model utility while minimizing computational costs, ensuring compliance with predefined privacy thresholds for each data category as required by GDPR. This approach enables the creation of more efficient, secure, and productive intelligent systems that meet modern regulatory demands.

Author Biography

Oleksii Shamov, Human Rights Educational Guild, Cherkasy

intelligent systems researcher, head of Human Rights Educational Guild

References

“TechSonar report: Federated learning”, European Data Protection Supervisor, June 2024. [Online]. Available: https://www.edps.europa.eu/press-publications/publications/techsonar/federated-learning_en. Accessed on: May 19, 2025.

K. Bonawitz et al., “Towards federated learning at scale: System design”, in Proc. 2nd SysML Conf., Stanford, CA, USA, 2019, 15 p. doi: https://doi.org/10.48550/arXiv.1902.01046.

C. Dwork, “Differential Privacy”, in Encyclopedia of Cryptography and Security, H.C.A. van Tilborg, S. Jajodia, Eds. Boston, MA, USA: Springer, 2011, pp.338-340. doi: https://doi.org/10.1007/978-1-4419-5906-5_752.

R. Shokri, and V. Shmatikov, “Privacy-Preserving Deep Learning”, in Proc. 22nd ACM SIGSAC Conf. on Comp. and Commun. Sec., Denver, CO, USA, 2015, pp. 1310-1321. doi: https://doi.org/10.1145/2810103.2813687.

B. Jayaraman, and D. Evans, “Evaluating Differentially Private Machine Learning in Practice”, in Proc. 28th USENIX Sec. Symp. (USENIX Security 19), Santa Clara, CA, USA, 2019, pp.1895-1912. doi: https://doi.org/10.48550/arXiv.1902.08874.

R. Podschwadt, D. Takabi, P. Hu, M.H. Rafiei and Z. Cai, “A Survey of Deep Learning Architectures for Privacy-Preserving Machine Learning with Fully Homomorphic Encryption”, IEEE Access, vol. 10, pp. 117477-117500, 2022. https://doi.org/10.1109/ACCESS.2022.3219049.

Y. Joo, S. Ha, H. Oh, and Y. Paek, “Efficient Keyset Design for Neural Networks Using Homomorphic Encryption”, Sensors 2025, vol. 25 (14), July 2025. doi: https://doi.org/10.3390/s25144320.

S. Truex et al, “A Hybrid Approach to Privacy-Preserving Federated Learning”, in Proc. 12th ACM Workshop on AI and Sec., London, UK, 2019, pp. 1-11. doi: https://doi.org/10.1145/3338501.3357370.

E. Shalabi, W. Khedr, E. Rushdy, and A. Salah, “A Comparative Study of Privacy-Preserving Techniques in Federated Learning: A Performance and Security Analysis”, Information, vol. 16, iss. 3, art. 244, 2025. doi: https://doi.org/10.3390/info16030244.

Z. He, L. Wang, and Z. Cai, “Clustered Federated Learning with Adaptive Local Differential Privacy on Heterogeneous IoT Data”, IEEE Internet of Things Journal, vol. 11, no. 1, pp. 137-146, 2024. doi: https://doi.org/10.1109/JIOT.2023.3299947

N. Papernot, M. Abadi, U. Erlingsson, I. Goodfellow, and K. Talwar, “Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data”, in Proc. Int. Conf. on Learning Representations (ICLR), Toulon, France, 2017, 16 p. doi: http://dx.doi.org/10.48550/arXiv.1610.05755.

Downloads

Published

2025-11-27

How to Cite

Shamov, O. (2025). Adaptive AI architecture for implementing privacy-by-design in accordance with GDPR. Collection "Information Technology and Security", 13(2), 300–309. https://doi.org/10.20535/2411-1031.2025.13.2.344715

Issue

Vol. 13 No. 2 (2025)

Section

ARTIFICIAL INTELLIGENCE IN THE CYBERSECURITY FIELD

License

Copyright (c) 2025 Collection "Information Technology and Security"

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The authors that are published in this collection, agree to the following terms:

  1. The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
     
  2. The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
     
  3. Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).