Many businesses use cloud services to analyse high volumes of data, but this means that businesses lose control of data and that privacy cannot be safeguarded. A European innovation project involving researchers from Karlstad University will create a new platform for enhancing privacy in data analysis. The aim is to increase the security of businesses and safeguard individuals’ privacy when using cloud services for data analysis.
PAPAYA, the Platform for Privacy preserving data Analytics, is a European innovation project that will create a new platform for enhancing privacy in data analysis. The platform will not have direct access to the data that will be analysed, resulting in a new type of cloud service that enables completely secure analysis of sensitive data such as personal or patient data.
There is a significant demand for secure analytic services, particularly after the introduction of the General Data Protection Regulation (GDPR), which places higher demands on safeguarding privacy.
"Adding noise to the data or using cryptographic systems means that the platform does not have direct access to the data and the data can therefore only be interpreted by the data owners," says Simone Fischer-Hübner, project leader and Professor in Computer Science at Karlstad University. "Soon hospitals will for example be able to analyse patient data using the cloud service, something that is problematic at the moment because of the Patient Data Act and GDPR."
Many benefits with de-identification
In addition to securing the analysis of sensitive data on the platform, it is also valuable to identify larger trends in high volumes of data without tracing the information to individuals. Information that may be analysed in this way includes data related to the tourism industry and urban or traffic planning.
"The data could for example be on how people move between cities," says Simone Fischer-Hübner. "Where do people stop to eat or sleep when they drive from Luleå to Stockholm? Mobile phone companies can already see in detail how individuals move because the technology works in this way. But there are legal restrictions on how this information can be used. Hopefully, robust built-in protection at the analysis stage will make it possible for mobile phone companies to analyse general movements, for example to map trends in movement patterns. They would then be able to sell this information."
The project will run over three years, and in addition to representatives from Karlstad University, participants include researchers from the French research centre Eurecom, as well as representatives from Atos, IBM, Orange Labs and MediaClinics. The project budget is 2.9 million Euro, of which half a million Euro has been allocated to Karlstad University (c. SEK 5 million).
Researchers at Karlstad University are involved in developing requirements related to GDPR and usability. They will also develop tools for explaining how the data persons’ data are analysed in a manner that is secure and enhances privacy.
Read more about the project here.
