GDPR & AI

Secure multiparty computation (MPC) is a holistic end-to-end data protection solution ideal for a data driven economy. In fact, the MPC system makes it possible to achieve two otherwise conflicting objectives:

  • To ensure decentralized control and privacy to citizens and organisations
  • To gain central value by combining and computing data across distributed data sources

Hereby, MPC allows the continued use of highly valuable, sensitive information by services that can benefit individual citizens, companies, and society as a whole. A third way that allows sensitive data to be used without violating fundamental rights to privacy or the “bargaining positions” of individuals and companies.

Here we show how MPC is aligned with data protection rules and strategies such as General Data Protection Regulation (GDPR) and EUs data strategy related to the use of Artificial Intelligence (AI). In particular, we focus on how the so-called PBC Platform that combines blockchain technologies and MPC and allow for any balance between transparency and privacy. 

GDPR, MPC and the PBC Platform

The General Data Protection Regulation (GDPR) defines rules for how to protect personal identifiable information (PII) on EU citizens. PII or personal data in GDPR terms, means any information relating to an identified or identifiable natural person (a data subject).

MPC is an ideal example of so-called security-by-design or privacy-by-design that supports data minimization as it is described in the GDPR regulation. An MPC application is designed for a specific analytical purpose and the designated parties only receive the agreed upon results. On the contrary, if the MPC system were to allow general computations, the intersections between results (from the MPC system) could reveal the sensitive data. In that case, the whole security setup would provide a false sense of security. Though, used with care, MPC can boost the data economy in a privacy-preserving manner.

The PBC Platform uses blockchain technologies to create transparency about the use of MPC without compromising confidentiality. As traditional permissionless blockchains are characterised by open access, transparency and immutability, GDPR key requirements such as right to privacy, right to correct data and right to be forgotten is not necessarily compliant. Or in other words, how do you make:

  • Open access and transparency match right to privacy?
  • Immutability matches the right correct data and to be forgotten?

One solution would be to always keep data encrypted on the blockchain. The immutability ensures that the encrypted information stays on the ledger forever and at some point, it will be broken by brute force.

The only sustainable solution is to not store PII on blockchains and only use the blockchain as reference point. One solution creates a link using a hash value and point at data stored off-chain.

The PBC Platform goes one step further by creating a second private layer to each node in the blockchain. The public layer is a tradition open semi-permissioned blockchain programmable through public Smart Contracts. The private layer facilitates zero-knowledge computations orchestrated through private Smart Contracts.

Hereby, PII can be kept off-chain and privacy-preserving zero-knowledge computations are orchestrated through the PBC Platform.

Right to privacy solved: Data is kept private in all stages: at rest, in transit and process

Right to be forgotten solved: Data is used ad hoc and the encrypted data used in zero-knowledge computations are deleted after use.

AI, MPC and the PBC Platform

The PBC Platform makes it possible to meet otherwise conflicting goals as we combine:

  1. Decentralized control and privacy or confidentiality for individuals and organizations
  2. Insights generated by combining data across individuals and organizations

Decentralized control and privacy (or more precisely confidentiality) are increasingly demanded by both citizens and companies. For citizens the right to privacy is regulated in certain regions of the world (such as GDPR in the EU) and for companies, concerns and regulations regarding competition, require measures to manage confidential information in general.

On the other side, the very value of the information society is driven by the ability to bring sensitive data together across citizens and organizations. Also, the data that reveals individuals’ and organizations’ behavior are both the most sensitive and the most valuable data.

The very goal for the PBC Platform is to pave the way for a new balanced way to harness the best from both protecting and using data for a more sustainable data-driven society.

The PBC Platform achieves this golden balance through an architecture with two separate layers that goes across computation nodes and networks: 

  • A public and transparent blockchain layer programmable through public Smart Contracts
  • A private zero-knowledge (ZK) computation layer programmable through private Smart Contracts

This architecture provides an efficient bedrock for ZK computations and a unique balance between transparency and confidentiality while using ZK computations. 

Consider the use of machine learning models; here the public part of the PBC Platform can keep track of the machine learning models and the data used, and the private part of PBC Platform can keep both data and model confidential.

In other words, the PBC Platform implements the EU data strategy for AI.

EXPLORE APPLICATIONS

Partisia Data Solutions

Insights Network

Learn More

Partisia Data Solutions

DFG Platform

Learn More

Partisia Data Solutions

Virtual Public Registers

Learn More

Partisia Data Solutions

Surveys

Learn More