
Privacy Enhancing Technologies (PET) for Official Statistics

Luigi DI RAZZA • 19 December 2024

Accelerating the adoption of PETs in the European Statistical System

THE PROJECT

The protection of data confidentiality is one of the core principles of official statistics. As the European Statistical System (ESS) expands the base of data sources used for statistical purposes, there will be an increasing demand for processing data held across multiple organisations. Modern Privacy Enhancing Technologies (PETs) can help to achieve the highest possible standards of privacy and security in scenarios involving the integration of confidential data held by different organisations. Eurostat is contributing to accelerating the adoption of PETs in the ESS in support of cross-organisational data processing.

The ultimate goal of this line of activity is to develop and deploy a shared infrastructure enabling ESS members and their partners to compute aggregate statistics from the integration of multiple confidential micro-data sets without exchanging their data with other parties. The envisioned system, called Multi-Party Secure Private Computing-as-a-Service (MPSPCaaS), leverages a combination of modern PETs such as Secure Multi-Party Computation and Trusted Execution Environment to offer an alternative solution to traditional data arrangements based on transmission of intelligible data.

THE MOTIVATION

Innovation in the ESS increases the demand for statistical indicators based on the integration of confidential data sets held by different organisations. Examples include:

  • Statistics on cross-border phenomena, which require the integration of microdata held by statistical authorities in different countries.

  • New indicators that require the integration of statistical data with non-statistical data from the public sector (e.g., administrative records) or from private data holders (e.g., Mobile Network Operators).

In the above cases, the target statistical indicator can be seen as the output of a function computed on the combination of input data held by two or more organisations. In such a situation, the traditional approach foresees that the organisations holding the input data exchange them with each other or with an independent Trusted Third Party. In either case, the sending organisations must trust that the receiving organisation will use their data solely for the agreed purpose and keep them safe from external intruders. In other words, the sending organisations must trust both the intentions and the technical capabilities of the receiving organisation. This traditional trust-based approach is not always viable in practice. The envisioned MPSPCaaS system will provide an alternative for situations where the trust-based approach does not suffice. Inspired by the idea that “trust is good, but control is better”, the system will allow data holders to remain in control of their input data throughout the whole computation process.

THE APPROACH

In a nutshell, the operation of the envisioned MPSPCaaS system may be described as "computing over encrypted data": the input data elements are transformed through advanced cryptographic techniques (e.g., secret sharing) into a form that is unintelligible to any party other than the original data holders, but that still allows the computation of the final result of the agreed-upon function. This is achieved by distributing the computation over the encrypted data among multiple collaborating computing nodes in such a way that no individual node can gather enough information to reveal the input data elements. This approach is based on the notion of “sharing computation instead of sharing data”.

Additional organisational and technological measures, at both hardware and software levels, guarantee the security and confidentiality of the input data and of any information derived from them. Only the final result of the agreed-upon computation will be revealed to the pre-defined output party or parties. Finally, upon completion of the computation task, all transferred information (e.g., encrypted data and encryption keys) will be securely erased from the system. The system will be designed so that no single entity has the technical capability to access the encrypted data, or equivalently to execute any computation task on the data, without explicit authorisation by the other involved parties.

In the face of proliferating opportunities for cross-organisational data processing within the ESS, the envisioned MPSPCaaS system will be instrumental in maintaining the highest possible standards of data confidentiality and security, thus contributing to improved public acceptance and compliance with data protection legislation.
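The following is an added illustration of the "sharing computation instead of sharing data" idea, not code from the project or its contractor: two data holders split each confidential record into additive secret shares spread over three computing nodes, every node sums its own shares locally, and only the output party recombines the partial sums into the aggregate. The prime modulus, node count and sample records are assumed values chosen for the example.

```python
import secrets

# Shares live in Z_p. p must exceed any aggregate the parties compute,
# otherwise the result wraps around. (Assumed parameters for this example.)
P = 2**61 - 1
N_NODES = 3  # number of collaborating computing nodes


def share(value, n=N_NODES, p=P, rng=secrets.SystemRandom()):
    """Split a non-negative integer into n additive shares that sum to
    value mod p. Any n-1 of them are uniformly random and reveal nothing."""
    if not 0 <= value < p:
        raise ValueError("value must be in [0, p)")
    shares = [rng.randrange(p) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % p)
    return shares


def reconstruct(shares, p=P):
    """Recombine shares (or per-node partial sums) into the clear value."""
    return sum(shares) % p


def compute_sum(holder_records, n=N_NODES, p=P, rng=secrets.SystemRandom()):
    """Sum micro-data held by several organisations without pooling it.

    holder_records: {holder_name: [record values]}. Each holder shares each
    record; computing node i only ever receives share i of every record.
    Returns (node_views, total, count); node_views is what each node saw.
    """
    node_views = [[] for _ in range(n)]
    for records in holder_records.values():
        for value in records:
            for i, s in enumerate(share(value, n, p, rng)):
                node_views[i].append(s)
    # Addition is linear: each node sums its own shares locally and sends
    # only that partial sum to the output party. Nodes never exchange
    # shares, so no single node can recover a record.
    partial_sums = [reconstruct(view, p) for view in node_views]
    count = sum(len(r) for r in holder_records.values())
    return node_views, reconstruct(partial_sums, p), count


if __name__ == "__main__":
    # Constructed sample: two statistical authorities each hold a few
    # confidential records (e.g. per-respondent amounts in euros).
    holders = {"NSI-A": [1200, 850, 3100], "NSI-B": [640, 2200]}
    views, total, count = compute_sum(holders)
    print("aggregate total:", total, "mean:", total / count)
    print("node 0 saw only:", views[0])  # random-looking shares
```

Products or other non-linear statistics need multiplication protocols between the nodes, which is where full Secure Multi-Party Computation frameworks go beyond this additive example.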

MORE INFORMATION

THE TEAM

  • Lead: Eurostat
  • External contractor: Cybernetica https://cyber.ee
  • Partners: volunteering National Statistical Institutes may be invited to participate in testing activities (details to be defined at a later stage)

LAST UPDATE: January 2025
