Realising platform control in data marketplaces through Secure Multi-Party Computation: A qualitative study exploring the use of Secure Multi-Party Computation (MPC) as an instrument for realising platform control in data marketplaces

Practical problem: In today's digitally transformed and connected world, data has become a critical strategic corporate resource. In this context, data marketplaces are becoming more popular since they enable wider accessibility and more efficient interaction among companies. Despite this, there are several barriers in sharing data through this type of platforms, for instance, lack of trust, security, privacy and transparency. The introduction of privacy-enhancing technologies, such as secure Multi-Party Computation (MPC) could offer a significant contribution to overcoming these barriers. However, it is still unclear if secure MPC could be implemented in the data marketplace domain, especially as an instrument for controlling the platform, and what are the affordances that it could offer to data marketplace providers. For this reason, this research study aims to investigate the potential adoption of secure MPC by a data marketplace provider for realising platform control. Methodology: the exploratory nature of this research required to conduct a qualitative study to address the problem and achieve the aforementioned target. In particular, given the specific characteristics of this research, a survey research was undertaken. Regarding the data collection method, semi-structured interviews were conducted among data marketplace providers operating in the mobility domain, data marketplace experts and MPC developers and experts. Results: the adoption of MPC could generate three main affordances for a data marketplace provider in terms of platform control: (1) preserving the data, (2) enabling data ownership and (3) preserving the result of the computation. These affordances are generated by the relationship between the data marketplace provider’s goals in terms of platform control and the features of the MPC technology. Regarding the former, the following goals were identified: (1) ensure the security and the privacy of the data; (2) guarantee that a data provider has complete control over its data; (3) ensure the correct execution of the computation. Concerning the latter, three key features offered by the MPC technology could enable platform control: (1) information-theoretic security or computational security, (2) agreement protocols before starting the computation and identification mechanisms if someone deviates from it, (3) and correct execution of the computation. The realisation of the affordances could be influenced by three factors: (1) perception of the technology, (2) need for the technology, and (3) degree of effort required. The results showed that secure MPC could satisfy several different needs of a data marketplace provider. However, some constraints could influence the adoption of MPC among data marketplace providers. Firstly, a data marketplace provider may perceive the MPC as unsafe because of the difficulty to understand the technology. Secondly, a data marketplace provider could consider that secure MPC does not currently present an adequate maturity level to adopt the technology in its platform. Finally, a data marketplace provider could prefer to maintain its current situation in order to avoid a radical change. The adoption of MPC technology by a data marketplace provider could cause several impacts on its platform. If the platform has a centralised structure, the data will not be stored in the platform anymore, but they will remain with the data provider. Moreover, if a data marketplace focuses only on data exchange offerings, it would be able to offer a new type of product in its platform (e.g. insights). Finally, the adoption of the MPC in a data marketplace could cause additional overhead in the functioning of the platform. Theoretical and practical contributions: regarding the former, this study contributes to the literature of data markets, platform control, MPC, and affordance theory. Concerning the latter, this research provides practical contributions to the business actors involved in data-sharing domains and to MPC developers. Limitations: firstly, it was not possible to focus the research on data marketplace involved exclusively in the mobility domain and to reach theoretical saturation also for the fourth sub-research question of the study because of the difficulty of reaching informants. Secondly, two of the data marketplace providers interviewed worked for a data marketplace, which is not currently operating anymore. Moreover, in some cases, it was necessary to interview a person with a different role in the company compared to the one initially selected. Thirdly, since some of the interviewees did not have the time to study the MPC description document before the interview, it was necessary to verbally explain it, thus possibly affecting both the validation of the document and the understanding of the technology. Future research: Firstly, by conducting more interviews, it could be possible to identify more factors. Secondly, future research could be undertaken to validate the model of this research through quantitative studies. Thirdly, further researches could be pursued to update the taxonomy of data marketplaces. Fourthly, future research could be carried out to explore the introduction of secure MPC in other settings. Finally, it could be interesting to explore the different perspectives of the actors involved in a data marketplace (e.g. data providers and buyers)

Business model implications of privacy-preserving technologies in data marketplaces: The case of multi-party computation

Privacy-preserving technologies could allow data marketplaces to deliver technical assurances to companies on data privacy and control. However, how such technologies change the business model of data marketplaces is not fully understood. This paper aims to bridge this gap by focusing on multi-party computation (MPC) as a cryptographic technology that is currently being hyped. Based on interviews with privacy and security experts, we find that MPC enables data marketplaces to employ a “privacy-as-a-service” business model, which goes beyond privacy-preserving data exchange. Depending on the architecture, MPC could transform data marketplaces into data brokers or data aggregators. More complex architectures might lead to more robust security guarantees and lower trust requirements towards data marketplace operators. Furthermore, MPC enables new offerings of privacy-preserving analytics and services as new revenue sources. Our findings contribute to developing business models of privacy-preserving data marketplaces to unlock the potential of data sharing in a digitized economy.Information and Communication Technolog

Addition of either pioglitazone or a sulfonylurea in type 2 diabetic patients inadequately controlled with metformin alone: impact on cardiovascular events. A randomized controlled trial.

Metformin is the first-line therapy in type 2 diabetes. In patients inadequately controlled with metformin, the addition of a sulfonylurea or pioglitazone are equally plausible options to improve glycemic control. However, these drugs have profound differences in their mechanism of action, side effects, and impact on cardiovascular risk factors. A formal comparison of these two therapies in terms of cardiovascular morbidity and mortality is lacking. The TOSCA.IT study was designed to explore the effects of adding pioglitazone or a sulfonylurea on cardiovascular events in type 2 diabetic patients inadequately controlled with metformin. METHODS: Multicentre, randomized, open label, parallel group trial of 48 month duration. Type 2 diabetic subjects, 50-75 years, BMI 20-45 Kg/m(2), on secondary failure to metformin monotherapy will be randomized to add-on a sulfonylurea or pioglitazone. The primary efficacy outcome is a composite endpoint of all-cause mortality, nonfatal myocardial infarction, nonfatal stroke, and unplanned coronary revascularization. Principal secondary outcome is a composite ischemic endpoint of sudden death, fatal and non-fatal myocardial infarction and stroke, endovascular or surgical intervention on the coronary, leg or carotid arteries, major amputations. Side effects, quality of life and economic costs will also be evaluated. Efficacy, safety, tolerability, and study conduct will be monitored by an independent Data Safety Monitoring Board. End points will be adjudicated by an independent external committee. CONCLUSIONS: TOSCA.IT is the first on-going study investigating the head-to-head comparison of adding a sulfonylurea or pioglitazone to existing metformin treatment in terms of hard cardiovascular outcome