The deluge of big data, accompanied by developments in software and hardware technologies leveraging them, has created new opportunities for research and industry. Vast databases of medical records and genomics hold the promise of shedding light to up to now hidden disease pathways and novel personalised treatments. Moreover, huge amounts of sensor and camera data can be exploited to improve the safety of self-driving vehicles, while analysis of computer logs from different organisations and from different sectors can mitigate cyberattack impacts. The main challenges, though, faced by researchers and service providers working with personal data in cases like the above, are stemming from the fact that these data need to be processed in a privacy-preserving way, as they contain sensitive information. Although several technologies have been developed to facilitate the processing of data while preserving privacy (hence reaching the ideal situation of maximizing data utility while preserving data privacy), they have not made significant inroads into real use cases, due to several reasons. Fully homomorphic encryption, for example, despite being versatile in allowing various computations over federated sets of encrypted data, it suffers from a significant performance degradation as the amount of data to be processed increases, while complex calculations in large-scale deployments take a significant toll when multi-party computation methods are used. Another reason for the lack of uptake of such technologies is related to their user-friendliness, both for researchers and service providers, as well as for data owners. The type and configuration of the privacy-preserving technology to be used, as well as the level of privacy required for a given dataset and a given output, is often unclear to all parties involved. This is further exacerbated by the fact that not all relevant actors are aware of the legal and technical terms used in guidelines related to the privacy requirements of certain types of data.
ENCRYPT will address the aforementioned challenges by providing researchers and service providers working with personal and other sensitive data, with a scalable, practical, adaptable privacy-preserving framework facilitating the GDPR-compliant processing of such data stored in federated cross-border data spaces. Within this framework, a recommendation engine for citizens and end-users will be developed, providing them with personalised suggestions on privacy preserving technologies depending on the sensitivity of data and the accepted trade-off between the degree of security and the overall system performance.
The ENCRYPT framework will be designed taking into consideration the needs and preferences of relevant actors, and will be validated in a comprehensive, 3-phase validation campaign, comprising i) in-lab validation tests, ii) use cases provided by consortium partners in three sectors, namely the health sector, the cybersecurity sector, and the finance sector, that include cross-border processing of data, and iii) external use cases including privacy preserving computations on federated medical datasets. Through this validation campaign, the consortium will assess the developed solution via a wide set of KPIs, including performance, efficiency and scalability, user friendliness, and practicality, and will ensure the applicability of the ENCRYPT framework in the common European Data Spaces.
