Danish researchers need not fear stricter data protection laws

The EU plans to introduce much stricter data protection laws. Danish researchers are concerned that this might prevent them from using registers for research. But that need not be the case.

2014.06.04 | Marlene Nybro Thomsen

According to Professor Ivan Bjerre Damgård, Department of Computer Science at Aarhus University, and head of the Alexandra Institute's Security Lab, Jakob Pagter, it is possible to protect data by using techniques that enable computation on data without looking at it. This makes it possible to use such data despite the law tightening.

Data remains encrypted at all times

The solution is an encryption technique called secure Multi-Party Computation (MPC), in which the Alexandra Institute and Aarhus University are world-leading. It can protect all types of data, including for example health records of the population.

- The secure computation technique is now so mature that we can actually compute on data while it is still encrypted. This means that we can design systems for handling confidential data because the data remains encrypted at all times, and we can send exactly the data we want to disclose, Ivan Bjerre Damgård explains.

He is Aarhus University's Center Leader of CFEM - a collaboration among economists and computer scientists, including the Alexandra Institute, that deals with electronic market mechanisms.

More efficient data protection

The deployment of the technique is highly relevant in relation to the planned tightening of EUs data protection laws. Danish researchers and politicians have expressed their concern that if EU's data protection regulations are implemented, it will force researchers to ask each individual for permission to use data for research, which is regarded as completely unrealistic by many.

The use of data records is particularly relevant when researchers want to investigate why people acquire cancer or identify the side effects of medicines. In such cases, researchers draw upon Danish research records where large amounts of data is stored. This data can be correlated with the Danish Civil Registration System to find new correlations.

The technique can help ensure that only the relevant data is disclosed, which will ultimately ensure a more refined data protection, according to Ivan Bjerre Damgård.

- With our solution, it is possible to compute on encrypted data. The locker is locked with digital keys, so to speak, each of which belongs to the individuals who have agreed to see the result. The door in the locker cannot be opened until all the validated digital keys have been inserted. Therefore, it is not necessary to provide open access to all records as we can disclose exactly the information that the researchers need, he explains.

Technique is closer to market

The technique was developed in the 1980s as pure basic research. However, today it is deployed in many practical applications, such as supply chain management and cloud computing.

Personal data records for research is one application. Benchmarking and secure auctions are other applications. The technique is for example used in the Danish energy sector by Energiauktion.dk where companies can drive down the price of electricity by putting next years power consumption up for auction on the Internet. The system uses secure computation to find the best bid and ensures that bids are kept confidential.

- Auctions are a good example because they require confidentiality to solve a natural conflict between buyers and sellers. This applies to all situations that involve an inherent conflict between parties. There could also be a conflict if there are rules against correlating certain data or figures, says Kurt Nielsen, economist and partner in CFEM.

Further information

For further information about how to use the technique, please contact:

Ivan Bjerre Damgård
Aarhus University, Department of Computer Science
+45 87156258
+45 20837137
ivan@cs.au.dk

or

Jakob Pagter
The Alexandra Institute
+45 21 65 10 93
jakob.i.pagter@alexandra.dk