Problem

The potential of Big Data analytics and the problem of privacy are prevalent in all sectors world-wide that deal with personal information, ranging from financial to transport and public administration etc.. Our goal is to deliver a system that is applicable to many of them.

To demonstrate our techniques, we turn to the healthcare sector, which is one of the most data intensive industries around; not only by the sheer volume of data, but also by its complexity, diversity and required timeliness It is also one of the most privacy sensitive domains on the globe.

According to a recent McKinsey report Big Data can help achieve cost savings of over 250 billion euro in the US alone.

Approach

 

GOAL 1: Develop techniques for analyzing encrypted data

By bringing together theoretical and practical expertise in both MPC and data analytics, SODA’s first objective is to make MPC practical for analytics on Big Data by identifying and solving performance bottlenecks in a use case-driven approach combining MPC and analytics expertise. We will make MPC-based Big Data processing practical. In theory, MPC can be used to make any algorithm privacy-friendly. However, in practice, current MPC techniques are not very well-equipped to handle the particular challenges of Big Data (EVT LINKE TIL MERE TEKNISK INDHOD)

a) The result on privacy issue

b) The privacy legislation issue

c) The stakeholder acceptance issue

GOAL 2: Protect data from leakage of individual data

SODA’s second objective is to use these MPC-based processing techniques as an enabler for real privacy improvements for the main stakeholders. To achieve this, apart from developing techniques for privacy-friendly computation, we develop techniques to ensure that data subjects are protected against leakage of individual data through aggregated results, regardless of the availability of cross-correlation datasets. With our privacy-friendly algorithms, data subjects and data controllers no longer need to share personal information but just make it available for encrypted processing. But this will only have a benefit if it leads to an improved feeling of privacy and an increased willingness to allow processing of their information.

We will develop ways to explain our technology to stakeholders and verify that it indeed leads to an improved feeling of privacy while and satisfying the end users of the data. We also consider the legal consequences of applying our techniques for data controllers and processors. We will show by a legal analysis that they make it easier for data controllers and processors to comply with EU privacy law, in particular the upcoming EU General Data Protection Regulation.

GOAL 3: Demonstrate functionality

SODA’s third objective is to demonstrate both functionality and security of our techniques. To demonstrate their functionality, we implement our techniques and build two demonstrators. One of them is in the area of distributed medical research; the other one will be in a different area, for instance the financial sector, in which MPC has the potential to enable new data analytics applications. We define this second demonstrator in collaboration with the data experimentation incubators funded under objective ICT-14b of this call. To measure the cost of attacking our system, we make our techniques available for academic scrutiny and hacking challenges in which the public is challenged to get synthetic personal information from our systems in any way they want.

To deliver the promise of practical privacy-preserving analytics on Big Data, we build the SODA system, which is distributed between the data controllers, data processors, and end users, and consists of several technical components (EVT Figure 3).