Toon Segers

CPO at Roseman Labs

Published on: 1 April 2020

Ready for Privacy 2.0?

From sensitive to anonymous

One of the ground-breaking insights in the UN and EC studies is that the data is considered “anonymous” after the initial encryption step, officially referred to as the “secret-sharing” step.

No processing of personal data

Processing personal data with MPC is not considered “data processing” under the GDPR. This is because MPC provides uniquely strong security and privacy features to data owners.

GDPR concepts become elegantly simple

Protection by default (Art. 25)

The fact that data remains encrypted during a business process is a significant paradigm shift versus today’s use of data.

MPC also provides a significant level of protection: to steal or leak data, a malicious actor needs to compromise the admin keys of multiple trustees (this can be compared to protection by two-factor authentication or segregation of duties).

No processing of PII (Art. 4)

The output of the initial encryption step (the “secret shares” used during the operation) is considered non-personal data.

As we will see below, legal experts explain that operations performed on the secret-shared data are not considered processing of personal data, due to MPC’s unique data protection properties.
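To make the secret-sharing step and the “operations on secret-shared data” concrete, here is an added illustration (not code from this post or from Roseman Labs) of additive secret sharing across n trustees: any n-1 shares are consistent with every possible original value, yet trustees can still add shared values locally and reconstruct only the aggregate. The field modulus P, the function names and the record values are assumptions made for the illustration.

```python
import secrets

# Field modulus: an assumed illustrative choice (a Mersenne prime), not a value from the post.
P = 2**61 - 1


def share(secret: int, n_trustees: int) -> list[int]:
    """Split a value into n additive shares mod P, one per trustee.

    All shares but the last are uniform random; the last is fixed so the
    n shares sum to the secret. Any n-1 shares are independent of it.
    """
    if not 0 <= secret < P:
        raise ValueError("secret must be reduced mod P")
    if n_trustees < 2:
        raise ValueError("need at least two trustees")
    shares = [secrets.randbelow(P) for _ in range(n_trustees - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Only a party holding every trustee's share recovers the value."""
    return sum(shares) % P


def add_shared(a: list[int], b: list[int]) -> list[int]:
    """Each trustee adds its own two shares locally; no trustee sees a or b.
    The result is itself a sharing of a + b, never a plaintext."""
    if len(a) != len(b):
        raise ValueError("share vectors must come from the same trustee set")
    return [(x + y) % P for x, y in zip(a, b)]


def completing_share(partial: list[int], candidate: int) -> int:
    """Given all shares but one, return the missing share that would make the
    set reconstruct to `candidate`. Such a share exists for every candidate,
    so the partial view is equally consistent with every original value."""
    return (candidate - sum(partial)) % P


def shared_total(records: list[int], n_trustees: int) -> int:
    """Constructed mini-version of a statistics workflow: each record is
    shared, trustees sum their shares locally, and only the aggregate is
    ever reconstructed."""
    acc = [0] * n_trustees
    for r in records:
        acc = add_shared(acc, share(r, n_trustees))
    return reconstruct(acc)
```

The `completing_share` check is the point behind the “anonymous” wording: an attacker who compromises fewer than all trustees holds shares that fit every candidate value equally well.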

Rights of the data subject (Art. 12-23)

As personal data is not centralized or exchanged, the controller maintains control over the data, simplifying access (Art. 15), accuracy/rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), etc.

Quotes from the studies

UN Handbook on Privacy Preserving Computation Techniques

“One of the first significant precedents for secure multiparty computation was reached in Estonia with the Private Statistics project in 2015. In the project, 10 million identifiable tax records were linked with 600 000 identifiable education records and statistically analysed using secure multiparty computation. The Data Protection Agency, after studying the technical and organisational controls of the system, stated that no personal data was processed. The precedent has also been upheld with the MPC servers hosted in the public cloud.

The PRACTICE project (European Commission Framework Programme 7) spent significant effort in analysing legal aspects of secure computing technologies. The report studies the Estonian precedent described above under the European General Data Protection (GDPR) regulation and finds that precedent can be upheld under the GDPR.

Further research has been performed by the SafeCloud project and SODA project.”

See UN Handbook on Privacy Preserving Computation Techniques, page 47.
Also see EU Horizon 2020 PRACTICE, Deliverable D32.3, Section 3.2.

EU Horizon 2020 study Scalable Oblivious Data Analytics

“The fact that the data fragmentation procedure [secret-sharing step] as such is processing of personal data does not mean that the output data has to fall under the scope of the GDPR. On the contrary, based on the arguments put forward here the data shards that have undergone the partitioning are considered to be non-personal data.”

“If personal data is turned into non-personal data, then the subsequent storage of the data pieces should not be considered ‘data processing’ within the frames of Art. 4 Nr. 2 and the data protection provisions in general. Following this logic, the analytics carried out using MPC shall be considered as analysis carried out with feature data.

As to the technical details, structure and design of the processing, MPC is a state-of-the-art privacy-preserving tool. The cryptographic solutions in use protect the data from intruders during the analysis. Intruders in this sense mean unauthorised external adversaries not intended to have access to the anonymised data.”

See EU Horizon 2020 SODA, Deliverable D3.5, Section 3.