Riccardo Dolci & Wirawan Agahari, TU Delft, WP2
In today’s digitally transformed and connected world, data has become a critical strategic corporate resource. In this context, data marketplaces are becoming more popular since they enable wider accessibility and more efficient interaction among companies. Despite this, there are several barriers in sharing data through this type of platform, such as lack of trust, security, privacy, and transparency.
The introduction of privacy-enhancing technologies, such as secure Multi-Party Computation (MPC) could offer a significant contribution to overcoming these barriers. However, two aspects remained unclear:
- Could secure MPC be implemented in the data marketplace domain, especially as an instrument to enforce control in the data marketplace?
- What are the values that secure MPC could create for data marketplace providers?
For this reason, within the WP2 in Safe-DEED, we are investigating the adoption of secure MPC by data marketplace providers for exercising control. To achieve this objective, we conducted semi-structured interviews with experts and practitioners in both MPC and data marketplace domain.
There are several key findings of this research:
- We have identified three goals of the data marketplace regarding control: (1) ensure the security and the privacy of the data; (2) guarantee that a data provider has complete control over its data; (3) ensure the correct execution of the computation.
- Three key features of the MPC technology could enable control in the data marketplace: (1) information-theoretic security or computational security, (2) agreement protocols before starting the computation and identification mechanisms if someone deviates from it, (3) and correct execution of the computation.
- In terms of enforcing control in the data marketplace, the adoption of MPC could create three central values: (1) preserving the data, (2) enabling data ownership, and (3) preserving the result of the computation. These values are generated by the relationship between the control objectives of the data marketplace and the MPC features.
- The value creation process of MPC in the data marketplace could be influenced by three factors: (1) perception of the technology, (2) the need for the technology, and (3) resource availability.
- Some constraints could also influence the adoption of MPC among data marketplace providers. Firstly, a data marketplace provider may perceive the MPC as unsafe because of the difficulty of understanding the technology. Secondly, a data marketplace provider could consider that secure MPC does not currently present an adequate maturity level to adopt the technology in its platform. Finally, a data marketplace provider could prefer to maintain its current situation to avoid a radical change.
- There are some implications of MPC implementation in the data marketplace. First, if the platform has a centralized structure, the data will not be stored on the platform anymore. Instead, the data will remain with the data provider. Second, if the data marketplace focuses only on data exchange offerings, the platform would be able to offer new types of products, such as data insights. Finally, the adoption of the MPC in a data marketplace would result in additional costs.
An overview of our findings is illustrated in the conceptual model below.
Through this study, we provide insights into the MPC literature by exploring a new possible application of the technology. MPC literature, indeed, currently focuses mainly on how to improve MPC in terms of efficiency and scalability without investigating its potential applications. We have shown that secure MPC could satisfy several needs in the data marketplace context. We also managed to identify factors affecting MPC adoption in a data marketplace.
This research also provides practical contributions to the business actors involved in data-sharing domains and to MPC developers. Data marketplace operators could get benefits from this study by discovering a new strategy in governing data marketplaces to increase the number of participants in the platform. By considering the adoption of security technology like MPC, they can also assure data providers to exchange their data safely in the platform, increasing the quantity and the variety of data. This result may allow data marketplace providers to achieve a sustainable economic success of the company and establish themselves in the market. This study could also contribute to raising the interest in MPC technology, thus fostering the spread and application of this technology in different domains.
This article is based on a master thesis research conducted at TU Delft. The full version of the thesis can be accessed at https://repository.tudelft.nl/islandora/object/uuid:1d568346-86d5-402b-babe-26d2ba46809b?collection=education