Am I legally allowed to use sensitive data?

    If you decide to use Multi Party Computation (MPC) to analyze sensitive data, you will inevitably have legal questions. What are the legal requirements you need to take into account? In this article we walk you through the current legal perspective on MPC to kickstart your data collaboration.


    The legal perspective – what’s different with MPC?

    What differentiates MPC? Why is it that organizations can suddenly collaborate on data with MPC, while this was not possible before? How does this work from a legal perspective? It is important to understand that, when using MPC and processing data on secret shares, data is still considered personal data. The secret shares cannot be considered anonymous because the data can be reconstructed to its original form if the majority of all data owners collude. They remain personal data and so privacy regulations such as the GDPR still apply.

    That being said, compliance with GDPR regulations becomes easier and more robust. Below we provide examples of typical requirements for dealing with personal data and how they can be enforced through the use of MPC:

    • Purpose binding: Whenever personal data is processed, it needs to be clear what the purpose of the processing is. In traditional approaches, it is almost impossible to control what the data is used for once a copy of the data is shared - whether it is for the given purpose or beyond. With MPC, the data itself is not shared. Only a specific calculation, approved by the data owner, is allowed on the data. This is a very strong way of enforcing purpose binding.
    • Data control: MPC does not require multiple copies of the data. Processing is performed directly on the source data. If the source data changes, the operation immediately includes that change. If a data owner decides to withdraw from the cooperation, they simply stop approving calculations on their data.
    • Data minimization and proportionality: Only the results of the analysis are shared, not the underlying data. This leads to a vast reduction of data exposure. It makes the use of data far more proportional compared to a situation where all data must be exposed in order to get the same result.
    • Data localization: Data in its original form does not leave the technical environment of the data owner. It is made available as secret shares and combined with other parties’ data while each party keeps its own data locally. In other words, it is the calculation on that data that travels, not the data itself. Often, the results are not personal data anymore (because of aggregation) and can be shared.
    • Technical measures: MPC is a strong form of encryption that even holds in a post-quantum world. It can be proven mathematically that data remains secret, as long as a majority of the MPC servers do not collude.
    • Organizational measures: The strong technical features of MPC can be further strengthened with the right organizational measures. Segregation of server access across the organizations of the data controllers results in a system in which none of the users are able to decrypt the data on their own. Data owners naturally want to protect their own data, so there is no incentive for them to collude with the other parties. Furthermore, data access and approval of the analysis are hardwired into a process of collecting digital signatures from all data owners. Without these signatures, no analysis can be performed on the data.
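    To make the two claims above concrete (data can be processed on secret shares without any server seeing it, yet the shares remain personal data because a colluding majority can reconstruct them), here is an added toy example of Shamir secret sharing. It is constructed for this article and is not Roseman Labs' code; the salary figures, the three-server setup and the majority threshold of two are assumptions chosen for illustration.

```python
"""Toy Shamir secret sharing over a prime field, illustrating two points from
the article: (1) an approved calculation (here a sum) can be carried out on
shares without any server seeing the inputs, and (2) the shares remain personal
data, because a colluding majority of servers can reconstruct the inputs, while
fewer than the threshold learn nothing.  Constructed example; not Roseman Labs'
code.  The figures below are made-up salary values."""
import secrets

PRIME = 2**61 - 1  # field modulus; every value below is reduced mod PRIME


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def share(secret, n, t):
    """Split `secret` into n shares {x: y}; any t of them reconstruct it."""
    assert 0 <= secret < PRIME and 1 <= t <= n < PRIME
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def interpolate(points, at):
    """Evaluate at `at` the unique polynomial of degree < len(points) through
    the {x: y} `points` (Lagrange form, arithmetic mod PRIME)."""
    total = 0
    xs = list(points)
    for xi in xs:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (at - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + points[xi] * num * pow(den, -1, PRIME)) % PRIME
    return total


def reconstruct(shares):
    """Recover the secret (the polynomial's value at x = 0) from >= t shares."""
    return interpolate(shares, 0)


def add_shares(a, b):
    """Each server adds the two shares it holds; this is the 'calculation that
    travels' for a sum, and no server ever sees an input in the clear."""
    return {x: (a[x] + b[x]) % PRIME for x in a}


def consistent_share(partial, candidate, x_missing):
    """Given fewer than t shares, return the value share `x_missing` would need
    for the secret to equal `candidate`.  One exists for every candidate, so the
    holders of `partial` cannot rule out any value of the secret."""
    pts = dict(partial)
    pts[0] = candidate
    return interpolate(pts, x_missing)


def demo(n=3, t=2):
    """3 servers, majority threshold 2.  Returns (approved_total, leaked_input)."""
    alice, bob = 120_000, 95_000  # constructed inputs from two data owners
    sa, sb = share(alice, n, t), share(bob, n, t)
    total_shares = add_shares(sa, sb)
    # Two servers (a majority) open only the approved result.
    approved_total = reconstruct({1: total_shares[1], 2: total_shares[2]})
    # The same majority could also open Alice's raw input: the shares are not
    # anonymous, which is why the GDPR still applies to them.
    leaked_input = reconstruct({1: sa[1], 3: sa[3]})
    return approved_total, leaked_input


if __name__ == "__main__":
    total, leaked = demo()
    print("sum computed on shares:", total)
    print("Alice's input, opened by a colluding majority:", leaked)
    one_share = {1: share(120_000, 3, 2)[1]}
    for guess in (0, 120_000, PRIME - 1):
        # A single server can complete its share into a valid sharing of *any* guess.
        print("guess", guess, "is consistent; missing share would be",
              consistent_share(one_share, guess, 2))
```

The organizational measures in the list map directly onto this model: segregating server access across the data controllers is what keeps the reconstructing majority from ever sitting inside one organization, and the signature-gated approval process is what decides which `add_shares`-style calculations the servers are allowed to open.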

    Today, few legal, compliance and data protection officers are familiar with MPC, and few technical experts have a full overview of its legal implications. To reap the full benefits of this new technology, knowledge sharing is necessary.


    Thank you for taking the time to read this article. If you have feedback or if you seek more information on specific topics, leave your comments below or reach out to support@rosemanlabs.com.