With the establishment of the GDPR (General Data Protection Regulation ), the EU is in the process of In many cases, the data operator is not actually interested in the critical data - rather, they are interested in a derivative thereof, which in itself is not privacy ensitive at all. An electricity retailer, for example, may not be interested in a 15- minute interval consumption measurement of their customers, but is highly interested in knowing what all their customers taken together consume. This only turns into a privacy issue (and thus subjects them to the GDPR) because they don't know how to obtain the endresult without first collecting the individual data. Modern Privacy Enhancing Technologies make it possible to both eat the cake and get it. For the above example, we have demonstrated that it is possible to obtain aggregated information of encrypted individual measurements without ever being able to decrypt the privacy sensitive data. This allows the data operators to obtain high quality data they need, without needing to touch (and thus protect) the critical privacy sensitive data.

Selected Publications

Privacy-Friendly Aggregation for the Smart-Grid

Implementation of Privacy-Friendly Aggregation for the Smart Grid

High level Overview of Private Aggregation Protocols