Skip to main content

Safe Data Enabled Economic Development

Periodic Reporting for period 1 - Safe-DEED (Safe Data Enabled Economic Development)

Reporting period: 2018-12-01 to 2020-05-31

The pace of growth of the European data market in the next years will be strongly influenced by our ability to develop a healthy supply-demand ecosystem. Organizations will need to adopt data-driven innovation and digital transformation to keep up with international competition. International competition demands reducing costs by incorporating digital processes and data that improve productivity and efficiency. Data Markets play a fundamental role to providing the necessary data but are currently hampered by barriers such as:
• Lack of trust in data suppliers and data aggregators
• Lack of awareness of data sharing benefits and business opportunities
• Businesses fear of losing power/ control of own data
• Enterprises uncertainty in the implementation of GDPR

As privacy and trust remain key in the data sharing debate, Privacy enhancing technologies (PET) are expected to play a prominent role by 2025. Safe-DEED takes a highly interdisciplinary approach, and brings together partners from cryptography, data science, business model innovation, and the legal domain to focus on improving PET technologies and improving trust to keep up with global macrotrends and the data economy. Furthermore, as it has been recently shown that even among large companies, many have no data valuation process in place, Safe-DEED provides a set of tools to assess the value of data. Thus, incentivizing data owners to make use of the cryptographic protocols to create value for their companies and their clients.

Safe-DEED brings together three companies (Forthnet, Infinion, LS-Tech) to provide use-cases for secure multi-party computation (MPC), data anonymisation and data valuation technologies that three research centers (Know-Center, Eurecat, RSA) are developing. Exploiting Safe-DEED technology requires business model innovation in light of legal and ethical considerations. Safe-DEED dedicates therefore each of these aspects their own work package, under the leadership of two university partners (TU Delft, KU Leuven). Furthermore, the technology components are developed modularly, able to be deployed on-premises of the use-case partners, as well as adopted by emerging data market infrastructures, such as those developed by Data Market Austria, IDS or the TRUSTS project.
TU Delft analysed the implications of privacy-preserving technologies (PET) from a thread and business model perspective. For that purpose, TU Delft researched threat and incentive models for data markets and showed that secure multi-party computation (MPC) eliminates various business threats (e.g. loss of control over data or data leakage). Thus, by enhancing trust and reducing security risks, MPC potentially increases the incentives to share data. Subsequently, TU Delft analysed together with Know-Center the implications of the Safe-DEED technologies on business models for PET providers and users. First pen-and-paper based versions of business model decision support tools were developed: a data map, a data-driven business models canvas, and data service cards which allow a playful way of brainstorming on new business models.

KU Leuven identified and analysed the applicable EU legal frameworks and ethical principles when sharing personal data. This resulted in guidelines which should be taken into account when processing personal data in Forthnet’s use-case and also in general. Furthermore, KU Leuven analysed and compiled binding and non-binding EU legislations relevant to the processing of non-personal data, as in the case of Infinion’s industrial data use case or in data markets.

Safe-DEED features a data valuation component (DVC) which is developed by Eurecat. The DVC will allow companies to evaluate the potential benefit of sharing their data. Furthermore, Eurecat has conducted work to formalize the context attached to data and the characterisation of the data with various quality measures. Based on a context and context-specific quality measures, a usability score will be estimated and used for valuation later in the project. A first version of the DVC was developed as a standalone web application and also integrated in the personal use case demonstrator (Forthnet).

MPC and private set intersection (PSI) are key methods in privacy-preserving technologies. Know-Center is working to improve the scalability of these methods to large data sets. Thus, laying the foundation for the application of MPC and PSI in practice. Furthermore, two new cryptographic primitives were developed for privacy-enabled multi-user data aggregation for large data sets: “MPC-accumulators” and “aggregated private information retrieval”. Besides MPC and PSI, RSA performed an analysis of the personal data use-case from a (de-)anonymisation perspective and also developed a de-anonymisation risk analysis tool and integrated it in the personal data use-case demonstrator.

Safe-DEED is currently developing two demonstrators, a personal use-case demonstrator based on CRM data (Forthnet, LSTech) and an industrial use-case demonstrator based on Available-To-Promise data (Infinion). The demonstrators integrate first versions of the developed components (i.e. data valuation, MPC, PSI, de-anonymisation risk analysis) and consider the relevant legal aspects. Furthermore, the use-cases were used as a testbed for the developed business model decision support tools.
The Safe-DEED project aims at addressing a combination of technical, business and legal challenges in the areas of data privacy and data valuation. The key highlights in progressing towards these objectives in the first period have been:

• A new cryptographic primitive dubbed MPC-accumulators, with a wide range of applications from digital identity management systems to certificate transparency, was developed and published. The method addresses strategies for symmetric cryptography mod p and demonstrates an improvement in throughput by more than a factor of 4 and simultaneously a 5-fold reduction in pre-processing effort.

• A new data valuation algorithm has been developed. Our research in this area has been based on the analysis of features influencing data value. This work lays foundations for further work in this so far still largely unexplored but high-potential area. Quantitative evaluation and integration (in data markets and as part of data pricing strategies) of such data valuation methods remains to be one of the challenges we will explore in the second half of the project.

• Two secure MPC protocols have been designed for the use-cases to demonstrate the applicability of secure MPC. Focus has been put on ensuring that the solutions require no cryptographic knowledge from the side of the user. In the second half of the project, we will focus on publicly documenting our solutions and making them available as docker containers.

• A set of demonstrators has been developed to show the scalability of the Safe-DEED technologies in the context of the partner companies’ use cases.

• The first concept of decision support tools for business models which support pricing and multi-party business models have been developed.

• To increase trust in data markets, we have been developing guidelines which should be taken into account when processing personal data and analysed and compiled binding and non-binding EU legislations relevant to the processing of non-personal data.