EDPS: Multi-Party Computation Could Help Ensure Data Access and Privacy
Balancing access to data and confidentiality is getting tougher as data sharing continues to drive innovation, European Data Protection Supervisor Wojciech Wiewiorowski said Thursday. However, secure multi-party computation (SMPC) could reconcile those conflicting goals by allowing organizations to jointly compute insights without revealing the underlying data, he said.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
SMPC is "no longer a purely academic concept, but a cornerstone of the next generation of privacy-enhancing technologies," Wiewiorowski said. Unlike traditional encryption, which protects data only when it's stored or transmitted, SMPC ensures confidentiality throughout the computation process. By distributing computation and storage across multiple parties, SNPC also helps reduce the impact of external attacks, since there's no single data repository to breach, the EDPS said.
However, SMPC faces key hurdles. First, it's computationally intensive, and the additional communication and processing overhead can slow performance, particularly in use cases requiring real-time responsiveness. Interoperability is also an issue, because the current SMPC framework often depends on specialized cryptographic libraries and tailored communication protocols, while integration with existing infrastructure, like cloud environments, is "far from seamless," Wiewiorowski added. Standardization, usability improvements and cross-sector collaboration are needed to overcome these barriers, the EDPS said.
SMPC also faces legal challenges. Frameworks like the GDPR weren't designed with cooperative competition in mind, where no single actor holds or controls a full dataset. Questions such as the identity of the controller when no one can see the data are now reaching DPAs, which are working toward clearer guidance and regulatory certainty.
SMPC "is not a magic shield," Wiewiorowski cautioned. While it reduces the exposure of raw data, it doesn't automatically guarantee ethical or legal processing, he said: The technology must be embedded in transparent governance systems and ethical oversight to ensure that it serves the public good.
Down the road, quantum technologies might enable quantum-safe or quantum-enhanced multiparty protocols, the EDPS noted. The office is already preparing for this through technology-monitoring initiatives that track emerging technologies and their implications for privacy and data protection, it added.