This content was created by the Data Sharing Coalition, one of the founding partners of the CoE-DSC.
The Data Sharing Coalition supports organisations with realising use cases at scale to exploit value potential from data sharing and helps organisations to create required trust mechanisms to share data trusted and secure. In our blog section ‘Q&A with’, you learn more about our participants and their thoughts, vision and ideas about data sharing. Pieter Verhagen, co-founder and CCO at Linksight, shares his thoughts.
1. Could you introduce your organisation?
Linksight is a recent TNO spin-off company, on a mission to make privacy-proof data analytics easy and scalable. We enable our customers to get data-driven insights from shared datasets – without actually sharing sensitive data – while staying in full control over what they share with whom, under what conditions. How? Through the cryptographic power of secure multi-party computation (MPC) in combination with our unique decentralised data governance.
MPC is an umbrella term for cryptographic technology that allows calculations on data while the data stays encrypted. Examples of the technologies we use are secret sharing, private set intersection, and homomorphic encryption. Each technology has its strengths and weaknesses, so we offer a platform that enables users to select the appropriate protocol for their use case. We believe MPC needs decentralised, technically enforceable data governance. On our platform, organisations can set and technically enforce the boundary conditions for a given data collaboration. Which organisations are involved? What data do they offer? Who is allowed to do what type of computation? Who can see the end result? And what type of business rules apply to avoid computations that ‘leak’ information? An example: when you are calculating an average for a certain subset, the system automatically stops if the subset is lower than e.g. N = 20. Otherwise, the answer could possibly reveal too much information about individuals within that subset. All calculations and changes to these governance settings are logged in an unchangeable audit trail, so organisations can prove their compliance afterwards.
In 2021, when still working at TNO, we were the first in the Netherlands to use MPC on real patient data. This project validated both the technology as well as the legal aspects. After achieving these results, we decided to quit our jobs at TNO and create a spin-off to bring this technology to the market. Our focus is mainly on healthcare and the public sector, because we believe this is where data collaboration can have the biggest impact. It can answer key questions such as: How can we reorganise our high-quality healthcare system to deal with an aging population and limited workforce and still remain accessible and affordable? How can we provide citizens with social issues with the interventions that really work? Currently, privacy is often seen as an obstacle to getting the data required to improve our healthcare system, our social system, etc. We believe that, with our technology, privacy and data collaboration can go hand in hand.
Currently, privacy is often seen as an obstacle to getting the data required to improve our healthcare system, our social system, etc. We believe that privacy and data collaboration can go hand in hand.
2. To what extent is your organisation involved in data sharing (within and across sectors)?
Our motto is: share insights, not data. We are 100% focused on (not) sharing data. Some public examples of our work are:
- TNO, together with Statistics Netherlands (CBS), health insurer CZ and the Limburg hospital Zuyderland, demonstrated for the first time in the Netherlands that MPC can be used in practice on personal data, while meeting the highest standards of the personal data protection. This was the project that we realised at TNO, and afterwards created Linksight as a spin-off company.
- Secure and privacy-by-design prediction models and platform for cardiovascular care. This is an R&D project where we are experimenting with more complex MPC together with academic hospitals.
- Winner of Digicampus Hackathon 2022. We presented a concept of an MPC solution that measured the impact of social care between municipalities, insurers, and social care organisations. We built an example showcasing how municipalities, healthcare organisations, and insurers can cooperate, and how this can be scaled.
- Data analysis for elderly care, with DSW Zorgkantoor, Pieter van Foreest Ouderenzorg and the municipality of Delft. In this project, we provide these organisations with our MPC platform so they can perform joint data analysis, in order to come up with new ways to improve quality, accessibility, and affordability of elderly care in the region of Delft.
3. Why is or should sharing data be important for your industry or domain?
Data sharing for the healthcare domain is of immense importance. With an ageing population and a very tight labor market, Dutch healthcare is struggling to remain accessible and affordable. Big steps in efficiency can be made by optimising the healthcare system as a whole – and data can support this. But healthcare organisations and insurers are struggling with the complexity of making data collaborations possible, and how to comply with the GDPR because the data is very sensitive. Therefore, our approach is to get the shared insights (instead of the data) flowing. This enables healthcare organisations to create a much faster learning loop: what care pathways are truly effective? What happens if we change something? Is the patient receiving better overall care?
4. What are the most promising data sharing developments and trends you see in your sector?
A tech related trend we see, is that privacy-by-design encryption technologies such as homomorphic encryption, secret sharing, and private set intersection are becoming operational, fast.
- Secret sharing allows information to be cut into three (or more) blocks. Each block remains a secret, but you can still conduct computations on the three blocks as if they were one. This helps to train models without sharing the underlying data.
- Private set intersection can proportionally reveal certain information that matches with a query, without revealing the information that does not match.
- Homomorphic encryption allows calculations on an encrypted dataset and is ideal when you want to do basic statistics.
A business trend is that privacy and data sharing are becoming strategic differentiators, instead of operational headaches. A major example is Apple, which offers its users the ability to opt-in for cross-app tracking (which obviously very little users do). At the same time, this will cost social media firms $10 billion in lost revenue.
5. How do you see the future of data sharing, and what steps are you currently taking in that direction?
In my view on the future of data sharing, every organisation is involved in a huge network of many strategic and operational data collaborations, but the amount of sensitive data that is actually shared within those collaborations is kept to a bare minimum. Privacy preserving technologies, such as MPC but also Federated Learning and Synthetic Data, will become commonplace.
When making a Data Protection Impact Assessment (DPIA), you don’t need to explain that you are using privacy preserving technologies, as our clients do now. You will need to explain why you are not using them. With these technologies now available, I believe that moment is getting closer.
To realise this future, I think we still need to raise a lot of awareness about the potential and practical applicability of these technologies, while at the same time every day improving our product and our business offering to suit the needs of the players in these data collaborations.
6. Why are you participating in the Data Sharing Coalition?
We only recently joined the Data Sharing Coalition. We did this to meet other pioneers in the field of data sharing and explore new and exciting use cases.
