Today, data has become deeply ingrained in all phases and aspects of industrial and scientific research. The potential for new services based on data-driven research is growing fast, due to the high volume and granularity of personal data collected by individuals, e.g., by means of ubiquitous sensors and IoT devices.
However, small and medium-sized companies typically face challenges in acquiring and storing personal data, particularly in sensitive data categories. Especially in Europe, the GDPR, in effect since May 2018, stipulates high standards in data protection and imposes substantial fines for non-compliance. Moreover, security breaches have the potential to go beyond financial impact and ruin a company permanently. Lost reputation and the trust of customers cannot be regained easily. Without a strong background in IT and a big budget, providing a secure platform for data storage and analysis is often beyond these companies' capabilities. All of the above comprise major obstacles, and as a consequence, companies often refrain from collecting data centrally and, e.g., offer apps that analyze data locally instead. While this reduces the attack surface, it means losing out on the potential of data analytics and learning from data, and thereby hinders innovative services and research. As an example, identifying trends across populations of users is not possible.
Furthermore, companies could improve their analysis by including data from different companies and users, but there is no established way to request such data and individuals often refrain from sharing data due to lack of trust. We believe that individuals would contribute their data to research and welcome services that enhance their experience (e.g. in the fitness and medical domain), if security and privacy are guaranteed and users keep control by giving explicit consent.
To tackle these problems, the WellFort project aims to research the basic mechanisms to (a) provide secure storage for users' sensitive data, (b) deliver a trusted analysis environment for executing data analytics processes in a controlled, privacy-preserving environment, and (c) combine data from different companies for analysis while respecting user privacy and the consent given. Based on the project results, it will be possible to operate a trusted platform where companies can securely execute data analysis algorithms. A novelty of this approach is that companies do not get direct access to data, but only access to it in aggregated or anonymised form. In addition, they can benefit from a large group of individuals who are potentially willing to share their data for research. Users, on the other hand, benefit from a privacy- and security-respecting platform for their data, and can contribute to research projects in a secure manner. Finally, scientific researchers have a detailed source of microdata, provided that data owners give consent to their research proposals.