What were the main lessons learned?
“The compute-to-data concept is certainly very appealing as it gives control to the data provider and still enables automation of data processing. Automation of control has been achieved by applying concepts such as K-anonymity (a privacy model) and synthetic data (generated by algorithms). For some scenarios, the distributed data does need to be brought together to support the required analysis (e.g., certain regressions). For these scenarios secure multi-party computation is a great privacy-enhancing technology.”
How can the results of this experiment be applied further?
“UNL is planning a pilot with AMdEX partners, including SURF, the collaborative organisation for IT in Dutch education and research. Three or more universities will participate. The pilot will be used to facilitate the discussion on the agreements to be made between the universities on how data will be exchanged, considering the various trade-offs. The pilot should make the questions concrete and the effects of decisions tangible.”
What user scenarios did you encounter in the usecases?
“The first scenario is Manual Approval. Each consortium member can submit data processing requests (i.e. to act as a data consumer). All data providers (the universities) can accept or deny such requests. Scenario 2 is Automatic Processing and Clearing. Manual approval by the data custodian is not necessary, as the AMdEX infrastructure can automatically approve requests for synthetic data. The Trusted Third Party (TTP) in scenario 3 is neither data user nor data owner, but a service provider. The TTP is a member of the consortium and the dataspace.
The three scenario’s we encountered will be described at length in our deliverable.”
What are the recommendations for future research or experiments?
“We would like to experiment with the automatic enforcement of (parts of) the agreements made during the pilot phase. We’re particularly interested in seeing how the agreements can be used to configure privacy-enhancing techniques such as synthetic data generation and secure multi-party computation.”