Combine data spaces and Privacy Enhancing Technologies for larger and secure shared data analysis

How to get insights from data shared between organisations while also safeguarding sensitive data? Both data spaces and Privacy Enhancing Technologies (PETs) can do this. But despite this similarity, the development of data spaces and PETs is driven by two different communities with different approaches. Real progress can be made if we combine both methods. This combination enables us to get insights from larger numbers of (privacy sensitive) data and still meet the required privacy protection.

Conclusions in whitepaper confirmed by Spanish AEPD

Freek Bomhof and Harrie Bastiaansen (and others), both consultants at TNO and affiliated with the CoE-DSC, recently published a whitepaper on this subject; ‘Leveraging the benefits of combining data spaces and privacy enhancing technologies’. Their conclusions about the advantages of combining data spaces and PETs are now being confirmed by the Spanish privacy Authority (AEPD) and The European Union Agency for Cybersecurity (ENISA). In their report about the workshop ‘DATA SPACES IN EU’ : Synergies between data protection and data spaces, EU challenges and experiences of Spain”, they stated that including GDPR principles in the design of data spaces is a clear requirement to reach the data sovereignty goals of data spaces.

Scalable data sharing

In their whitepaper Harrie Bastiaansen and Freek Bomhof clarified that both data spaces and PETs emerged in response to the need to share data between organisations in a trusted way. PETs are used to get the outcome of a data analysis without having to view the data itself. So the data used for the analysis isn’t traceable to an individual. This is very relevant but not scalable, since a consultant always has to set up a new tailormade combination of PETs for each new analysis in order to perform it. Another scalability challenge arises when you want to combine PETs of different vendors. To do this, some form of standardisation between organisations is needed. Applying PETs within data spaces can help, because involved parties have to adhere to agreements and standards that are already used in a data space. Read the interview with Harrie and Freek to learn more.

Sharing succes cases will help overcome hessitance

In their report, the AEPD defined the term ‘sharing’ as ‘accessing and processing’, which is not the same as personal data transfer and copy. This is an essential observation, which fully resonates in the PET community. Furthermore, the Spanish AEPD emphasised that, to achieve data protection by design and by default in European data spaces, standardisation plays an important role. Technical standards in general foster trust among different actors in data spaces and provide common baseline benchmarks. Creating trust is essential, because the Spanish AEPD sees that organisations are hesitant to share data using PETs or other technologies due to two reasons:
1. A lack of awareness about these solutions
2. A lack of regulatory guidance on the matter

Sharing success cases of data sharing will surely help to overcome this and will result in more trust in new technologies.

Share:

Read more

Neutral overview map of big non-European cloud services

On February 4, 2025 AMS-IX , one of the largest internet hubs in the world, and ECP| platform for the Information Society, presented a neutral overview map with all the pros and cons of non-European cloud services to the Digital Affairs Committee of the House of Representatives.

Data Sharing Festival 2025 – Last call to register online!

On Tuesday 4th and Wednesday 5th of February 2025, the next edition of the Data Sharing Festival will take place. This year’s topic is ‘Next Level Dataspaces: Adopt, Scale and Roll-out’. Check the program, speakers, interactive breakout-sessions and register.

Debrief Gaia-X Summit in Helsinki

The 5th Gaia-X Summit was held on November 14-15, 2024 in Helsinki. The theme of the summit was “Empowering Global Data Spaces, Shaping Tomorrow’s Cloud Infrastructure”. The event focused on presenting the Gaia-X Roadmap for 2025, as well as updates on the technical progress of Gaia-X Compliance & Label and the Trust Framework. Here you can find the Debrief of the Gaia-X Summit 2024.