Beyond trust: Why we need a paradigm shift in data-sharing

Over the past 30 years, society has become used to free services on the internet. Users fell in love with the accessibility and openness of the search engines, email and video-sharing sites; the deal felt like a bargain at a time when data was a new resource of unknown value. Users trusted companies to store their information and grew accustomed to convenient, seamless online experiences. They shared and connected with abandon.

In parallel with the progressing digitalization of almost every area of life, artificial intelligence (AI) and analytics capabilities grew tremendously, enabling companies to transform random data trails into meaningful insights that helped them greatly improve business processes. Targeted marketing, location-based searches and personalized promotions became the name of the game. This eventually led to the ability to combine data from various sources into large datasets, and to mine them for granular user profiles of unprecedented detail in order to establish correlations between disparate aspects of consumer behaviour, making individual health risks and electoral choices ever more predictable – for those who held the data.

As data became recognized as the ‘new oil’, driving growth and innovation, the public started to understand how this new resource had made them vulnerable. Election interference. Insecure data collection. Privacy infringement. Simple tasks such as registering at a hotel, booking a car rental or ordering takeaway today run the risk of exposing consumer data. Epitomized by the Cambridge Analytica scandal, the problem of data abuse is now rampant. It turns out that even the technology used to create a smart home further jeopardizes privacy.

Public opinion swung from enthusiasm for free digital services to disillusionment and aversion to Big Tech and their data-sharing practices. The term ‘dataveillance’ was coined, reflecting the public's increasing concern and the gap of mistrust that had opened between consumers, enterprises and public institutions. Today, trust in institutions is at an all-time low.

With no simple opt-out of digital life, the call for legislation intensified and seemed to be the right way to regain order.

European and American legislators took up this challenge. The problem with data privacy regulation, however, is that it mainly limits what organizations can do with data — which has the adverse effect of limiting collaboration in the various fields that would be hugely beneficial to human progress.

Data sharing and collaboration between multiple parties has led to tremendous breakthroughs in the past decade. Think of medical multi-party studies benefiting from large sets of pooled patient data; smarter urban transportation thanks to real-time location data; or financial fraud detection based on cross-bank data analysis.

Current and upcoming regulations don't seem to take the collaborative opportunities of the data economy into account. In May 2018, a National Institutes of Health study on Type 2 diabetes was put on pause. The reason? The research included Finnish health records, which - under GDPR, the EU's data-protection regulations - could no longer be provided to the US researchers. Instead of sharing to advance their knowledge around the disease, the collaborators – and, ultimately, patients - were unable to leverage the benefits of the larger datasets.

If collaborations such as these, which enable the advancement of humanity, are unable to proceed due to data-privacy regulations, should society expect a regressive future? Will organizations have to resurrect the silos that existed before data-collaboration tools became available? Will this leave businesses in heavily regulated industries without the ability to exchange knowledge? Efficiency, growth, scientific discoveries and, critically, innovation could be hampered.

Encouragingly, however, there is a new breed of privacy-enhancing technology that can enable organizations to collaborate without the need for trust.

Cryptography has long been recognized as a method to protect data in transit (being sent from A to B) or at rest (in storage). Previously, data needed to be decrypted to be processed or analysed, but advances in cryptography are making it possible to perform analysis on encrypted data. They rely on math, not hardware or software. Privacy-enhancing technologies can now make data unseen and irretrievable, while - at the same time - both accessible and available for computation.

Homomorphic encryption (HE) is one such technique. HE allows data to remain encrypted while it is being used, analysed and processed. To visualize what this means: imagine securing personal data in a black box. This black box can be given to another entity, locked, without the key. That other entity can 'shake' this proverbial box, move the data around and perform analytics, without ever taking possession of the actual data inside. The data can then be returned with critical new insights — all without ever establishing or verifying mutual trust.

In the case of the paused diabetes research, the use of HE could allay security concerns around the sharing of highly sensitive data, and valuable progress could be made towards ameliorating a critical disease.

In the world of cybersecurity, data on attacks to one entity could be shared with peer organizations and governments without putting the confidentiality of the data at risk and possibly running afoul of data protection regulations.

The time has come for a paradigm shift around information sharing. When information can be shared without being exposed, and analysed without being revealed, the benefits of collaboration do not need to be filtered for trust. Our imagination can once again be unleashed to solve some of the most critical issues of our time.