Governance Framework for MPC data collaborations based on the use case in the Dutch elderly care
The Data Sharing Coalition presents a report on the key findings of a use case related to monitoring the Dutch elderly care through MPC technology. In this use case, our participant Linksight collaborates with DSW Health Insurance and Zorgkantoor, the municipality of Delft and elderly care organisation Pieter van Foreest to monitor and improve care provisions for elderly citizens in the Delft, Schieland and Westland region. The Data Sharing Coalition provided support to develop a governance framework for the data collaboration to make sure new participants can join, new use cases are adopted, and new valuable insights are generated. The report covers relevant case aspects and a governance design that could serve as blueprint for future MPC cases.
Governance framework increases trust in an MPC data collaboration
Multi-Party Computation (MPC) is an emerging technology in the domain of data sharing, which allows multiple organisations to collaborate on data and generate valuable insights, while keeping all input data private1. Collaborations that need to generate insights from sensitive data can use MPC to organise trust and preserve privacy. However, when scaling up such MPC data collaborations, tensions between participants are expected to occur as they make new requests to the network (i.e. requests for new joiners, requests for generating new insights from new datasets). For example, tension could occur when participants submit a new request for an insight (a.o. statistics on spendings and savings for specific patient groups, average time spend in care wards/nursing homes). Some participants want to keep strict control over their data, while other participants want to maintain pace for handling the request to get that new insight. These dynamics between participants cannot be resolved by MPC technology alone. Therefore, a governance framework is required to maintain both control and pace in a growing data collaboration.
Governance consists of various control mechanisms facilitated by network roles
To optimally handle any request within the collaboration, the governance framework consists of various control mechanisms and roles. Firstly, there are baseline control mechanisms such as onboarding procedures, contracting, managing governance rules, and Data Protection Impact Assessments (DPIAs). Secondly, additional mechanisms could be used based on participants’ specific preferences for control and pace, including direct control, delegation of control, and fast lane procedures. The execution of these mechanisms belong to the responsibility of network roles, including data stewards, collaboration authority, and administrators. See figure 1 for the summary on governance design, for more refer to the full report below. Figure 1. Governance design for MPC data collaboration
Governance design can be re-used in other MPC use cases
The developed framework design can be re-used as a blueprint for organising governance in other MPC data collaborations, because the mechanisms introduced to facilitate trust in a growing network are generally applicable. The study revealed that to stimulate growth, MPC data collaborations are advised to apply mechanisms that remain relevant in the long term. For example, participants should be encouraged to align on purpose, scope, and risks for collaborating, so they are able to better design their DPIAs and ensure GDPR compliance. In addition, contracting should be established through an authority, since this is more advantageous than bilateral contracts that need to be re-made each time a new participant joins2. More details on the findings can be found in the report.
Are you interested in this use case and would you like to know more? Or do you have an idea for a (cross-domain) data sharing use case? Please contact us at email@example.com
1 See UN Guide on Privacy Enhancing Technologies – Section 2.1.
2 See Data Sharing Canvas – Section 7.3.2.