Paper 2022/491

Multi-Party Computation in the GDPR

Lukas Helminger and Christian Rechberger

Abstract

The EU GDPR has two main goals: Protecting individuals from personal data abuse and simplifying the free movement of personal data. Privacy-enhancing technologies promise to fulfill both goals simultaneously. A particularly effective and versatile technology solution is multi-party computation (MPC). It allows protecting data during a computation involving multiple parties. This paper aims for a better understanding of the role of MPC in the GDPR. Although MPC is relatively mature, little research was dedicated to its GDPR compliance. First, we try to give an understanding of MPC for legal scholars and policymakers. Then, we examine the GDPR relevant provisions regarding MPC with a technical audience in mind. Finally, we devise a test that can assess the impact of a given MPC solution with regard to the GDPR. The test consists of several questions, which a controller can answer without the help of a technical or legal expert. Going through the questions will classify the MPC solution as (1) a means of avoiding the GDPR, (2) Data Protection by Design, or (3) having no legal benefits. Two concrete case studies should provide a blueprint on how to apply the test. We hope that this work also contributes to an interdisciplinary discussion of MPC certification and standardization.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. Privacy Symposium 2022
Keywords
Multi-Party ComputationGDPRCompliancePrivacy Enhancing Technologiesand Privacy by Design
Contact author(s)
lukas helminger @ iaik tugraz at
History
2022-04-23: received
Short URL
https://ia.cr/2022/491
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/491,
      author = {Lukas Helminger and Christian Rechberger},
      title = {Multi-Party Computation in the {GDPR}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/491},
      year = {2022},
      url = {https://eprint.iacr.org/2022/491}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.