Working together on the development of privacy-friendly data analysis technologies

The potential of these technologies for society is enormous, but a multidisciplinary approach is crucial to harnessing this. In its 'Finally, a privacy-friendly way to harness data' whitepaper, published today, TNO therefore calls on governmental players, businesses, commercial technology parties and knowledge institutions to join forces. The current means of extracting value from data requires a centralised approach in which one party holds all of the data.

This approach is often diametrically opposed to interests such as confidentiality and privacy. Instead of choosing between these interests, it is time for a new starting point in the sharing of sensitive data: do not share data, but harness insights from distributed data sources while guaranteeing privacy and confidentiality. Multi-Party Computation (MPC) and Federated Learning (FL) are promising techniques for designing data analysis applications in a privacy-friendly manner.

Multi-Party Computation (MPC) and Federated Learning (FL)

MPC is a ‘toolbox’ of cryptographic techniques that allow multiple parties to compute data together as if they have a shared database. Because the data is protected cryptographically, it can be analysed without the parties ever being able to view one another’s data. The participating parties determine who is allowed to view the results of the calculation. With FL, a much stronger guarantee of privacy and confidentiality can be given than in the current approach in which all data is collected in a central location to then carry out the appropriate analyses.

FL solves the privacy problem by bringing the analyses to the data instead of the data to the analyses. The analyses are broken down into small sub-calculations that can be performed locally by the various parties. After performing a local calculation, only the (intermediate) results are shared with one or more parties. The sensitive data is not shared with anyone and remains with the party.

Broadly applicable

There are many possible applications for privacy-enhancing techniques such as MPC and FL. The effectiveness of healthcare, for instance, can be increased by gaining insights from patient data in a privacy-friendly manner. Growing financial crime can be contained by securely linking sensitive data from different financial organisations. In addition, the government can improve its service provision by collaborating with various public bodies in a way that respects privacy.

Technological and organisational challenges

The first solutions based on MPC and FL are now technologically mature and are already being applied in various domains. These technologies need to be further developed and scaled up in order to be practical on a large scale. The government can contribute to the practical usability of these techniques by actively stimulating their development and application.

In addition, they can promote collaboration in this field by facilitating and offering space for experiments through both financial and organisational support and appropriate regulation. This requires the setting up of multidisciplinary pilots in which small and large companies, start-ups and knowledge institutions can participate.

Following the first pilot experiences, adoption will be accelerated if commercial and governmental organisations make their data available for privacy-friendly data retrieval by third parties. In addition, policymakers will need to tighten the legal frameworks on usage, while technology suppliers are essential to the further operationalisation and upscaling of the required technologies. It is also important that knowledge institutions and universities continue to develop the methods in order to further increase the efficiency of privacy-friendly data analyses.