Privacy Enhancing Technologies

If you want to join the session, mail and indicate that you want to participate in this roundtable. You’ll receive a link in time.

10th December 2020 13:00 – 15:30 - Privacy Enhancing Technologies and GDPR

The analysis of data from different sources is becoming increasingly important. In addition to creating added value, the process of combining different datasets leads to new insights, better decision-making, and more robust research (including market research), in addition to stronger products and services. At the same time, relevant data is often too sensitive to be casually shared with others. The European privacy legislation (General Data Protection Regulation or GDPR) introduces new restrictions on which data can be shared, for what purpose, and in what way.

In July 2020 PI.Lab organized a roundtable on Multi-Party Computation (MPC) and anonymization. This resulted in a multi-disciplinary session with privacy experts, legal experts and technical MPC experts, whom all shared ideas and opinions. The discussion involved topics such as identifiability and to what extend cryptographic techniques can result in anonymous data processing.

During this next roundtable we would like to take the discussion one step further. The discussion is broadened to Privacy Enhancing Technologies including MPC and federated learning, and on the other hand focuses on the implications and context in the GDPR. The central questions will include, but are not limited to, the following:

  • What does privacy-preserving mean?
  • What are identification risks and how are these limited with Privacy Enhancing Technologies?
  • To what extend may Multi-Party Computation or Federated Learning result in the anonymity of data?
  • What are legal challenges (such as joint controllership) when working with Privacy Enhancing Technologies such as secret sharing?

The roundtable will be hosted as a digital video conference.


13:00 – 13:10 Introduction (Alex Sangers, TNO)

13:10 – 13:25 Privacy Enhancing Technologies (Tjerk Timan, TNO)

13:25 – 13:40 Q&A and discussion

13:40 – 13:55 Pseudonymisation and anonymisation in the GDPR (Frederik Zuiderveen Borgesius, Radboud University Nijmegen)

13:55 – 14:10 Processing of anonymous data with MPC (Anna Zsófia Horváth, Göttingen University)

14:10 – 14:30 Q&A and discussion

14:30 – 14:40 Break

14:40 – 14:55 Joint controllership: controlling without processing? (Triin Sill, Cybernetica)

14:55 – 15:10 Considerations when applying GDPR to Privacy Enhancing Technologies (Marc van Lieshout, Radboud University Nijmegen)

15:10 – 15:25 Q&A and discussion

15:25 – 15:30 Closing remarks (Alex Sangers, TNO)

Tjerk Timan (MA, Ph.D.) currently works as a policy analyst at TNO, The Netherlands. In this position he works on digitisation and the impact this has on public policy such as the BDVA, the Once – Only Principle and the eOverdracht information standard for healthcare data, and he is delving into the practice of AI and safeguarding public values through projects related to privacy-by-design in the age of (big) data and fairness and transparency in algorithmic decision-making, specifically in the public sector. Common questions in these projects evolve around societal and organizational embedding of novel ICTs and the potential impact of new technologies on different actors He was one of the first to research the impact of body-worn camera use by the police in the Netherlands and he has previously worked in the field of law enforcement technologies and cybersecurity, investigating the interplay of surveillance, privacy and regulation-through technology.

Prof Frederik Zuiderveen Borgesius is Professor ICT and Law at Radboud University Nijmegen, where he is affiliated with the interdisciplinary research hub on Security, Privacy, and Data Governance: the iHub. His research interests include privacy, data protection, and discrimination, especially in the context of new technologies.

Anna Zsófia is a young privacy professional with legal background. She received her juris doctor degree at the ELTE in Budapest (2016), and a Master’s Degree of German and European law at the University of Göttingen (2018), where she is a PhD Candidate. Her main fields of interest are how new technologies and data protection laws interact with each other, the regulation of new technologies, and how technological developments affect fundamental rights. Her thesis examines data protection and privacy issues of IoT and smart systems. She is co-author of the German Commentary on Electronic Media Law, Section GDPR. She has been involved in several data protection and privacy related projects, e.g. Horizon2020 project SODA, which had the objective of developing secure MPC technique for facilitating health big data analysis.

She is currently working as a Trainee at the Technology & Policy Unit of the European Data Protection Supervisor.

Triin Siil (MA’10, University of Tartu, PhD on hold) is the Legal Counsel on Privacy-Enhancing Technologies (PET) at Cybernetica AS (EST), a pioneer in implementing secure multi-party computation technologies. She consults the company in data protection and informational privacy related issues. Her main tasks involve preparing the legal and organisational setting for implementing PET-based analytics solutions, conducting data protection impact assessments and educating clients regarding legal questions related to PETs, mostly in the context of personal medicine and mobile location data. As part of her PhD studies, she did research on co-ownership of intellectual property rights, transfer of license agreements, open innovation and data as property in University of Tartu (EST), University of Mannheim (GER), University of Copenhagen (DEN) and University of New Hampshire (USA). Previously she worked as a Senior Associate in Law Firm GLIMSTEDT specialising in IT, IP and data protection law (2007-2017) and as a Legal Counsel at the Technology Transfer Office of the German Cancer Research Center (2016).

Marc van Lieshout MSc (1957), is senior scientist at TNO. He is working within the Unit Strategy, Analysis & Policy on digital privacy and identity management issues, especially looking at privacy and data protection in digital health. He is CIPP/E certified. His main focus of research is responsible data processing approaches, related to health and lifestyle. He closely cooperates with TNO researchers in the Healthy Living Unit. He has developed a privacy  framework RESPECT4U that helps organising the various perspectives on responsible and accountable processing of personal data. He has been working in many national and international research projects and has delivered a large number of articles and presentations over the years.

Besides being a researcher at TNO, Marc also works as managing director of a recently established research centre at the Radboud University, iHub. The centre focuses on interdisciplinary research in the field of security, privacy and data governance.