Working together on the development of privacy-friendly data analysis technologies
The sharing and analysis of data is essential to achieving economic growth and solving societal challenges. Recent analyses (Source OECD: 'Enhancing Access to and Sharing of Data: Reconciling Risks and Benefits for Data Re-use across Societies'; OECD Publishing, Paris, 2019) show that data availability and exchange can generate economic growth of 1.5% of GDP. However, legal and commercial barriers – as well as societal concerns about the fundamental right to privacy – stand in the way of data sharing. Innovative technologies such as Federated Learning and Multi-Party Computation offer a solution by securely learning from sensitive data from multiple sources without having to share this data.
The potential of these technologies for society is enormous, but a multidisciplinary approach is crucial to harnessing this. In its 'Finally, a privacy-friendly way to harness data' whitepaper, published today, TNO therefore calls on governmental players, businesses, commercial technology parties and knowledge institutions to join forces. The current means of extracting value from data requires a centralised approach in which one party holds all of the data.
This approach is often diametrically opposed to interests such as confidentiality and privacy. Instead of choosing between these interests, it is time for a new starting point in the sharing of sensitive data: do not share data, but harness insights from distributed data sources while guaranteeing privacy and confidentiality. Multi-Party Computation (MPC) and Federated Learning (FL) are promising techniques for designing data analysis applications in a privacy-friendly manner.
Whitepaper: 'Finally, a private-friendly way to harness data'
Find out how you can combine data in a privacy-friendly way.
Multi-Party Computation (MPC) and Federated Learning (FL)
MPC is a ‘toolbox’ of cryptographic techniques that allow multiple parties to compute data together as if they have a shared database. Because the data is protected cryptographically, it can be analysed without the parties ever being able to view one another’s data. The participating parties determine who is allowed to view the results of the calculation. With FL, a much stronger guarantee of privacy and confidentiality can be given than in the current approach in which all data is collected in a central location to then carry out the appropriate analyses.
FL solves the privacy problem by bringing the analyses to the data instead of the data to the analyses. The analyses are broken down into small sub-calculations that can be performed locally by the various parties. After performing a local calculation, only the (intermediate) results are shared with one or more parties. The sensitive data is not shared with anyone and remains with the party.
There are many possible applications for privacy-enhancing techniques such as MPC and FL. The effectiveness of healthcare, for instance, can be increased by gaining insights from patient data in a privacy-friendly manner. Growing financial crime can be contained by securely linking sensitive data from different financial organisations. In addition, the government can improve its service provision by collaborating with various public bodies in a way that respects privacy.
Technological and organisational challenges
The first solutions based on MPC and FL are now technologically mature and are already being applied in various domains. These technologies need to be further developed and scaled up in order to be practical on a large scale. The government can contribute to the practical usability of these techniques by actively stimulating their development and application.
In addition, they can promote collaboration in this field by facilitating and offering space for experiments through both financial and organisational support and appropriate regulation. This requires the setting up of multidisciplinary pilots in which small and large companies, start-ups and knowledge institutions can participate.
Following the first pilot experiences, adoption will be accelerated if commercial and governmental organisations make their data available for privacy-friendly data retrieval by third parties. In addition, policymakers will need to tighten the legal frameworks on usage, while technology suppliers are essential to the further operationalisation and upscaling of the required technologies. It is also important that knowledge institutions and universities continue to develop the methods in order to further increase the efficiency of privacy-friendly data analyses.
Daniël WormFunctie:Senior consultant
Daniël Worm is senior consultant at the Applied Cryptography & Quantum Algorithms department, specialized in Privacy Enhancing Technologies like Secure Multi-Party Computation and Federated Learning.
Standplaats:Den Haag - New Babylon
Telefoon:+31 6 21 13 45 84
LinkedIn:Daniël on LinkedIn
Looking for an expert?View all experts
Poverty reduction can be made more effective with data analysis
With historically high inflation and rising energy bills, poverty reduction is more relevant than ever. Multi-Party Computation can help implementing authorities to get in touch with members of the general public who are entitled to additional support.
Quantum Application Lab now open to explore the advantages and business opportunities for quantum computing
Organisations that want to investigate how quantum computing can benefit their business are invited to connect to the knowledge and technical infrastructure offered by the Quantum Application Lab (QAL) now. QAL is a newly formed public-private R&D partnership that offers a unique team of scientists, researchers, engineers, application developers, software and hardware specialists in a leading platform to explore and bring to market the benefits of quantum computing. QAL will support companies to navigate this complex and changeable environment, in order to make the best possible choices for their development roadmap and their envisioned applications.
LANCELOT: new collaboration between IKNL and TNO
Can a DDoS attack be predicted?
In the forecasting of tsunamis, buoys with sensors lie in the ocean, waiting for anomalous behaviour of the waves. The satellite to which the sensors are connected sends the signal to the weather station, after which a warning is issued. Everyone can prepare in time for what is to come. Can a similar prediction be made for DDoS attacks? The project group of the Partnership for Cyber Security Innovation (PCSI) went to investigate.