Whenever there are valuable insights to be learned from a set of personal data, Sharemind can act as a bridging solution to analyse the data set from a distance while keeping it private and assuring compliance with the relevant personal data laws and regulations. In this post, we will give you a short overview of the mechanisms to protect privacy when using Sharemind. The post is aimed at lawyers and other non-technical readers who wish to better understand the functionalities of Sharemind in the context of the General Data Protection Regulation (GDPR).
One of the central features of GDPR is a risk-based approach to privacy and personal data protection. Controllers and processors must run objective assessments of the risks to the rights and freedoms of natural persons before launching any activities to process their personal data. Where data processing operations are likely to result in a risk, appropriate and effective measures are required to make sure that such operations comply with the GDPR.
Sharemind is a privacy-preserving data analytics solution which combines the key features of different privacy-enhancing technologies (PETs). It is an all-in-one solution for the most demanding data processing use cases where privacy is a must-have. Sharemind employs cutting-edge cryptographic techniques, which enable a variety of tools for designing a privacy-preserving analytics set-up. This makes it a good fit for the GDPR framework, where such tools are required to safeguard personal data processing activities.
GDPR expressly mentions a number of technical and organisational measures that may be considered appropriate in the given circumstances to protect the rights and freedoms of natural persons, for example:
- encryption of personal data (Recital 83; Articles 6.4(e), 32.1(a), 32.3(a))
- anonymization and processing without identification (Recitals 26 and 156; Articles 11 and 89.1)
Below is an overview of how those measures are implemented in the Sharemind platform.
Sharemind makes use of several cryptographic technologies:
- Homomorphic secret sharing – before uploading data to Sharemind for calculations, data providers are required to protect their data by means of a technology called homomorphic secret sharing (for technical details, see: technology page). Secret sharing can be thought of as traditional encryption but without a key: each value is split into several random-looking pieces (shares), and no single share reveals anything about the value. This step ensures that all input data can be kept secret during its processing as well as at a later stage when the results of the processing are being analysed.
- Secure multi-party computation – data protected by homomorphic secret sharing has properties that allow computations on it without decrypting it first. This is where another technology called secure multi-party computation comes into play (for technical details, see: technology page). When data providers have uploaded their secret-shared data to Sharemind, the Sharemind servers run pre-agreed protocols to jointly compute a function over the input data while keeping those inputs private. None of the other data providers, hosts of Sharemind servers or analysts of output data can see the values of the original data, nor are they able to decrypt it during processing.
- Transport Layer Security – all communication between the participants in the Sharemind analytics process uses Transport Layer Security (TLS). This is an end-to-end encryption technology ensuring that the interaction between data providers, Sharemind server hosts and analysts does not leak valuable information about the input and output data or the processing activities in Sharemind. Moreover, TLS provides message integrity and mutual authentication for the communicating parties.
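To make the first two items concrete for non-technical readers, here is a small added example in Python. It is not Sharemind's own code and does not reproduce its actual protocols; it assumes three server hosts, 32-bit unsigned values, and the simplest additive secret sharing scheme, and it shows (a) that an incomplete set of shares is consistent with every possible secret, so a single host learns nothing, (b) that servers can add secret-shared values by each adding its own shares locally, without ever decrypting, and (c) that the analyst only obtains a result when every server host agrees to send its share of the output (the release condition described further below in this post).

```python
"""Illustrative additive secret sharing and privacy-preserving summation.

Added example, not Sharemind's code.  Assumes three non-colluding servers
and values in Z_(2^32); the real Sharemind protocols are more elaborate.
"""
import secrets
from typing import Dict, List

MODULUS = 2 ** 32       # value domain: 32-bit unsigned integers (assumption)
NUM_SERVERS = 3         # one share per server host (assumption)


def share(value: int) -> List[int]:
    """Split `value` into NUM_SERVERS additive shares that sum to it mod MODULUS.

    All but the last share are uniformly random, so any NUM_SERVERS-1 shares
    together are uniformly random too and reveal nothing about `value`.
    """
    if not 0 <= value < MODULUS:
        raise ValueError("value out of range for the share type")
    shares = [secrets.randbelow(MODULUS) for _ in range(NUM_SERVERS - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def reconstruct(shares: List[int]) -> int:
    """Recover the secret; requires the share from every server."""
    if len(shares) != NUM_SERVERS:
        raise ValueError("all servers' shares are needed to reconstruct")
    return sum(shares) % MODULUS


def missing_share_for(partial: List[int], candidate: int) -> int:
    """Given all shares but one, return the missing share that would make the
    secret equal `candidate`.  Such a share exists for every candidate, which
    is exactly why an incomplete share set leaks nothing."""
    if len(partial) != NUM_SERVERS - 1:
        raise ValueError("expected exactly one missing share")
    return (candidate - sum(partial)) % MODULUS


def add_shared(a: List[int], b: List[int]) -> List[int]:
    """Homomorphic addition: server i adds a[i] and b[i] locally.
    No communication and no decryption are needed."""
    return [(x + y) % MODULUS for x, y in zip(a, b)]


def private_sum(inputs: List[int]) -> List[int]:
    """Each data provider shares its value; servers accumulate shares locally.
    Returns the shared (still protected) sum, not the plaintext sum."""
    acc = [0] * NUM_SERVERS
    for value in inputs:
        acc = add_shared(acc, share(value))
    return acc


def release(result_shares: List[int], approvals: Dict[int, bool]):
    """The analyst learns the output only if every server host approves
    sending its share of the result; otherwise nothing is revealed."""
    if not all(approvals.get(i, False) for i in range(NUM_SERVERS)):
        return None
    return reconstruct(result_shares)


if __name__ == "__main__":
    # Constructed sample input: three data providers' salaries.
    salaries = [40000, 52000, 61000]
    shared_total = private_sum(salaries)
    print("shares held by the servers:", shared_total)
    print("released without full approval:", release(shared_total, {0: True, 1: True}))
    print("released with full approval:", release(shared_total, {0: True, 1: True, 2: True}))
```

Running the block prints three random-looking numbers as the servers' shares, `None` for the partial approval, and the true total 153000 only once all three hosts approve. The `missing_share_for` helper is the defender's sanity check: whatever secret you guess, there is a valid third share for it, so two shares out of three carry no information about the input.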
Anonymization and processing without identification
In Sharemind, data providers are responsible for ensuring that all values that can identify an individual are marked as private (private data) when data is imported to Sharemind. The specialised SecreC programming language used in Sharemind ensures that private data cannot be revealed to any participants in the Sharemind analytics process. This means that data providers can also mark any personal data as private data and thus protect it from being disclosed to third parties.
A host of a Sharemind server cannot access any private data during computation, in transit or in storage. Likewise, data analysts can run queries and receive results that exclude private data. The final computation result can be decrypted by an authorised analyst only if all Sharemind server hosts and data owners agree to send the computation output to this party.
These characteristics of Sharemind enable data controllers and processors to demonstrate that the input data is processed without identification and the output data can be analysed and shared without identification. Essentially, Sharemind enables queries into anonymous data and also provides answers in anonymised form.
The principles of privacy-by-design and privacy-by-default have been the guiding ethos for Sharemind since the launch of its development in 2007, even if the terms were not widely used then. They have been implemented in a variety of built-in mechanisms that allow data controllers and processors to use Sharemind as an all-in-one solution for engineering privacy in various analytics settings within the framework of the GDPR, regardless of industry or business domain.