Cybernetica and Eurostat have developed a new privacy-preserving approach for computing statistics from sensitive data

“Our service model, where we combine technology and legal assessment, opens up new uses for existing data, while protecting data confidentiality and fundamental rights to privacy.”

Dan Bogdanov

Head of Information Security Research Institute

Cybernetica and Eurostat have demonstrated the feasibility of leveraging secure computation technologies to produce aggregate statistics from mobile network operator data while preserving the anonymity of mobile phone users. The project, ideated and contracted by Eurostat, relied on Cybernetica’s secure computation technology Sharemind. The developed solution allows the processing of data sets from one or more organisations without exposing any individual data points, thus preserving the confidentiality of the data sets and the privacy of the individuals.

The project relied on synthetic data to demonstrate the scalability of the adopted technological solution and its suitability to process location data from mobile network operators. In addition to technological aspects, the project involved a study by Cybernetica’s experts on the legal aspects related to this type of data processing. The project results lay the foundation for conducting statistical analysis on real personal data in future pilot projects.

The project promotes transparency in the process of reusing citizens’ data held by private companies for public purposes. It shows that organisations can successfully compute public statistics without having to share or lose control of sensitive data.

According to Dan Bogdanov, Head of Information Security Research Institute at Cybernetica and the creator of Sharemind, the Eurostat project clearly shows that secure computing is no longer just a “research lab” playground, but is fully applicable in real-world production scenarios today: “Our service model, where we combine technology and legal assessment, opens up new uses for existing data, while protecting data confidentiality and fundamental rights to privacy. For example, in statistics the developed solution can be used for computing aggregate density and mobility patterns of the entire population, thus providing valuable input for policy making and other public purposes, without disclosing any information about individuals.”

According to Fabio Ricciato, who ideated and managed this project in Eurostat, secure computing technologies have enormous potential for the future of official statistics. Statistical offices are seeking to reuse an increasing range of new data sources collected by other entities for the production of new and better statistics, including but not limited to location data from mobile network operators. Secure computing technologies are the key to ensuring strong protection of individual privacy and transparency as to what information is extracted from the input data and how. “I think that secure computing technologies will become the ‘new normal’ in all fields where information needs to be distilled by the combination of data held across different organisations. With this project, Eurostat has taken the first step in this direction. Thanks to this project we have a better understanding of what the technology can offer and what are the challenges for prospective adopters of these technologies,” said Ricciato.

“Organisations that focus on foundational security with Intel SGX have seen the benefits of exclusive and secure parameters around data and the management of that data”, said Paul O’Neill, Director of Strategic Business Development in Intel’s Confidential Computing Group. “Cybernetica’s innovative technologies are an important step in partnering with government entities in protecting citizens’ confidential information and controlling how and where sensitive data is processed regardless of locale.”

The research for Eurostat was conducted in 2020-2021 with Cybernetica’s Sharemind HI technology, which uses Trusted Execution Environments (TEEs) based on Intel® Software Guard Extensions (Intel® SGX) technology. Sharemind HI fully utilises the three key concepts that Intel® SGX provides to help protect data – enclaves, attestation and data sealing.

Read more about the project results and documentation.