Tools for improved data privacy

Lots of digital applications process personal data. This applies to user data on mobile phones and social media, but also sensitive medical analyses, audits for insurance companies, and creditworthiness checks. How can this information be effectively protected from misuse? How can data-processing companies protect both the data and their know-how in the form of their algorithms? Thomas Schneider, professor in the Research Field Information and Intelligence at TU Darmstadt, is working on these questions. He has now been awarded a prestigious Consolidator Grant from the European Research Council (ERC) for his research. The scientist's new project PRIVTOOLS will be funded with around two million euros over a period of five years.

Far beyond the major platforms such as Amazon, Google and Meta, data is collected and valuable information about user behaviour can be deduced from it. One example is credit bureaux that collect large amounts of financial data to assess the creditworthiness of individuals, have them evaluated by machine learning methods, and pass on the resulting credit ratings to their customers. The problem: so far, the data has mostly been processed unencrypted, and is therefore susceptible to cyberattacks and misuse for other purposes. At the same time, the fundamental right to privacy is enshrined in the law, especially in the European Union (EU). The EU’s General Data Protection Regulations (GDPR) requires companies to use robust data protection measures.

Tools for software developers

This is where Thomas Schneider's research comes in. In the new project PRIVTOOLS (“Tools for Protecting Data and Function Privacy”), he and his team will improve and unify privacy-preserving technologies and develop tools for their automatic generation. To this end, three different methods are considered in particular. Secure multi-party computation allows several participants to jointly compute a publicly known function without disclosing the secret input data. Private set intersection protocols allow participants to calculate intersections or variants of their secret databases. Private function evaluation enables the secure evaluation of a secret function on secret input data.

“The main goal of our project is the joint development of composable protocols and tools for the automatic generation of software that protects data and functions,” summarises Thomas Schneider. This will enable companies and authorities to process personal data securely and without leakage. The algorithms also remain protected as intellectual property. The protocols and tools developed in the PRIVTOOLS project are intended to be usable by software developers even without special expertise in cryptography, and will be provided free of charge as open-source software.