Paper 2022/491
Multi-Party Computation in the GDPR
Lukas Helminger and Christian Rechberger
Abstract
The EU GDPR has two main goals: Protecting individuals from personal data abuse and simplifying the free movement of personal data. Privacy-enhancing technologies promise to fulfill both goals simultaneously. A particularly effective and versatile technology solution is multi-party computation (MPC). It allows protecting data during a computation involving multiple parties. This paper aims for a better understanding of the role of MPC in the GDPR. Although MPC is relatively mature, little research was dedicated to its GDPR compliance. First, we try to give an understanding of MPC for legal scholars and policymakers. Then, we examine the GDPR relevant provisions regarding MPC with a technical audience in mind. Finally, we devise a test that can assess the impact of a given MPC solution with regard to the GDPR. The test consists of several questions, which a controller can answer without the help of a technical or legal expert. Going through the questions will classify the MPC solution as (1) a means of avoiding the GDPR, (2) Data Protection by Design, or (3) having no legal benefits. Two concrete case studies should provide a blueprint on how to apply the test. We hope that this work also contributes to an interdisciplinary discussion of MPC certification and standardization.
Metadata
- Available format(s)
-
PDF
- Publication info
- Published elsewhere. Minor revision. Privacy Symposium 2022
- Keywords
- Multi-Party ComputationGDPRCompliancePrivacy Enhancing Technologiesand Privacy by Design
- Contact author(s)
- lukas helminger @ iaik tugraz at
- History
- 2022-04-23: received
- Short URL
- https://ia.cr/2022/491
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/491,
author = {Lukas Helminger and Christian Rechberger},
title = {Multi-Party Computation in the {GDPR}},
howpublished = {Cryptology {ePrint} Archive, Paper 2022/491},
year = {2022},
url = {https://eprint.iacr.org/2022/491}
}
