The WellFort project, coordinated by SBA, researches the basic mechanisms to
- provide secure storage for users’ sensitive data,
- deliver a trusted analysis environment for executing data analytics processes in a controlled privacy-preserving environment,
- combine data from different companies for analysis while respecting user privacy and consent given.
A novelty of this approach is that companies do not get direct access to data, but only in aggregated or anonymised form. In addition, they can benefit from a large group of individuals that are potentially willing to share their data for research.
Expected Outcome
Based on the project results, it will be possible to operate a trusted platform where companies can securely execute data analysis algorithms. Users, on the other hand, benefit from a privacy- and security-respecting platform for their data, and can contribute to research projects in a secure manner. Finally, scientific researchers gain a detailed source of microdata, provided the data owners give consent to their research proposals.
A brief summary of the results is provided in:
- Tomasz Miksa, Tanja Šarčević, Rudolf Mayer, Laura Waltersdorfer. WellFort: A Platform for Privacy-Preserving Data Analysis. ERCIM News 126, July 2021, p. 13. https://ercim-news.ercim.eu/en126/special/wellfort-a-platform-for-privacy-preserving-data-analysis
- Fajar J. Ekaputra, Andreas Ekelhart, Rudolf Mayer, Tomasz Miksa, Tanja Šarčević, Sotirios Tsepelakis, Laura Waltersdorfer. Semantic-enabled Architecture for Auditable Privacy-Preserving Data Analysis. Semantic Web Journal, 2020. http://w3id.org/wellfort

The conceptual architecture of the platform is depicted in the figure above. There are three distinct actors:
- Users store their data in the platform, give consent to analyse it, etc. They use an application provided by the organisation and interact with the platform using a dedicated user interface.
- Analysts can run experiments on the platform. They define which types of data will be used and perform the actual analysis.
- Auditors can analyse evidence collected to answer specific audit questions that depend on the purpose of the audit, e.g., a litigation case. A special form of auditor is a user wanting to know when and by whom their data was used.
The architecture consists of three component groups (each marked with dashed lines in Figure 1), each serving a different purpose:
- Secure Repository – stores data uploaded by a user, together with fine-grained consent [1], and allows the analyst to select the data to be used in experiments.
- Trusted Analysis Environment – data that fulfils the experiment criteria (e.g., consent given, fit for purpose) is selected and duplicated to this component for further analysis. This component provides mechanisms to conduct data analysis in a privacy-preserving manner, e.g. using DataShield [2]. Data selection is usually expressed via queries.
- Audit box – collects and manages provenance data to support auditability [3]; it can be accessed to answer audit-related questions on personal data access and usage.
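The interplay of the three component groups can be made concrete with a small model. The following is an added illustration, not WellFort's own code: it assumes per-record consent is a set of permitted purposes, that an experiment names a purpose and the data types it needs, that the analysis environment only ever returns an aggregate (here a mean, suppressed when fewer than an assumed three users contributed), and that the audit box records every record touched so a user can later ask when and by whom their data was used. All record values, user names and the threshold are constructed sample data.

```python
"""Toy model of Secure Repository, Trusted Analysis Environment and Audit box.
Added illustration, not the project's code; names and layout are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timezone
from statistics import mean


# --- Secure Repository: records stored with fine-grained (per-record) consent ---

@dataclass
class Record:
    user: str
    data_type: str               # e.g. "heart_rate", "sleep"
    value: float
    consented_purposes: frozenset  # purposes the owner allowed for this record


@dataclass
class Experiment:
    analyst: str
    purpose: str                 # must match the record's consent
    data_types: frozenset        # which data types the analysis needs


class SecureRepository:
    def __init__(self, records):
        self._records = list(records)

    def select(self, exp):
        """Return only records of a requested type whose owner consented
        to the experiment's purpose; everything else stays in the repository."""
        return [r for r in self._records
                if r.data_type in exp.data_types
                and exp.purpose in r.consented_purposes]


# --- Audit box: provenance of every data use, queryable per user ---------------

class AuditBox:
    def __init__(self):
        self.events = []

    def log(self, exp, records, now=None):
        ts = now or datetime.now(timezone.utc)
        for r in records:
            self.events.append({"ts": ts, "analyst": exp.analyst,
                                "purpose": exp.purpose, "user": r.user,
                                "data_type": r.data_type})

    def usage_for_user(self, user):
        """A user acting as auditor: when and by whom was my data used?"""
        return [e for e in self.events if e["user"] == user]


# --- Trusted Analysis Environment: analyst only ever sees aggregates ----------

MIN_GROUP = 3  # assumed threshold: refuse aggregates over fewer than 3 users


class TrustedAnalysisEnvironment:
    def __init__(self, repo, audit):
        self.repo, self.audit = repo, audit

    def run_mean(self, exp):
        # Consent-filtered data is copied here; raw rows never reach the analyst.
        selected = self.repo.select(exp)
        self.audit.log(exp, selected)           # provenance, even if suppressed
        contributors = {r.user for r in selected}
        if len(contributors) < MIN_GROUP:
            return None                          # too few users: suppress result
        return round(mean(r.value for r in selected), 2)


# Constructed sample data (not real users or measurements)
RECORDS = [
    Record("alice", "heart_rate", 70, frozenset({"research"})),
    Record("bob",   "heart_rate", 80, frozenset({"research", "marketing"})),
    Record("carol", "heart_rate", 90, frozenset({"research"})),
    Record("dave",  "heart_rate", 60, frozenset({"marketing"})),  # no research consent
    Record("alice", "sleep",      7.5, frozenset({"research"})),
]


def demo():
    repo, audit = SecureRepository(RECORDS), AuditBox()
    tae = TrustedAnalysisEnvironment(repo, audit)
    research = Experiment("analyst1", "research", frozenset({"heart_rate"}))
    marketing = Experiment("analyst2", "marketing", frozenset({"heart_rate"}))
    return {
        "research_mean": tae.run_mean(research),    # alice, bob, carol -> 80.0
        "marketing_mean": tae.run_mean(marketing),  # only bob, dave -> suppressed
        "alice_usage": audit.usage_for_user("alice"),
    }


if __name__ == "__main__":
    print(demo())
```

Two points the model makes visible: Dave's heart-rate record is never copied into the analysis environment for the research experiment because his consent does not cover that purpose, and Alice can see from the audit box exactly one use of her data (her heart rate, by analyst1, for research), while her sleep record was never touched because the experiment did not request that type.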