Realising platform control in data marketplaces through Secure Multi-Party Computation

Abstract

Practical problem: In today's digitally transformed and connected world, data has become a critical strategic corporate resource. In this context, data marketplaces are becoming more popular since they enable wider accessibility and more efficient interaction among companies. Despite this, there are several barriers in sharing data through this type of platforms, for instance, lack of trust, security, privacy and transparency. The introduction of privacy-enhancing technologies, such as secure Multi-Party Computation (MPC) could offer a significant contribution to overcoming these barriers. However, it is still unclear if secure MPC could be implemented in the data marketplace domain, especially as an instrument for controlling the platform, and what are the affordances that it could offer to data marketplace providers. For this reason, this research study aims to investigate the potential adoption of secure MPC by a data marketplace provider for realising platform control. Methodology: the exploratory nature of this research required to conduct a qualitative study to address the problem and achieve the aforementioned target. In particular, given the specific characteristics of this research, a survey research was undertaken. Regarding the data collection method, semi-structured interviews were conducted among data marketplace providers operating in the mobility domain, data marketplace experts and MPC developers and experts. Results: the adoption of MPC could generate three main affordances for a data marketplace provider in terms of platform control: (1) preserving the data, (2) enabling data ownership and (3) preserving the result of the computation. These affordances are generated by the relationship between the data marketplace provider’s goals in terms of platform control and the features of the MPC technology. Regarding the former, the following goals were identified: (1) ensure the security and the privacy of the data; (2) guarantee that a data provider has complete control over its data; (3) ensure the correct execution of the computation. Concerning the latter, three key features offered by the MPC technology could enable platform control: (1) information-theoretic security or computational security, (2) agreement protocols before starting the computation and identification mechanisms if someone deviates from it, (3) and correct execution of the computation.
The realisation of the affordances could be influenced by three factors: (1) perception of the technology, (2) need for the technology, and (3) degree of effort required. The results showed that secure MPC could satisfy several different needs of a data marketplace provider. However, some constraints could influence the adoption of MPC among data marketplace providers. Firstly, a data marketplace provider may perceive the MPC as unsafe because of the difficulty to understand the technology. Secondly, a data marketplace provider could consider that secure MPC does not currently present an adequate maturity level to adopt the technology in its platform. Finally, a data marketplace provider could prefer to maintain its current situation in order to avoid a radical change.
The adoption of MPC technology by a data marketplace provider could cause several impacts on its platform. If the platform has a centralised structure, the data will not be stored in the platform anymore, but they will remain with the data provider. Moreover, if a data marketplace focuses only on data exchange offerings, it would be able to offer a new type of product in its platform (e.g. insights). Finally, the adoption of the MPC in a data marketplace could cause additional overhead in the functioning of the platform. Theoretical and practical contributions: regarding the former, this study contributes to the literature of data markets, platform control, MPC, and affordance theory. Concerning the latter, this research provides practical contributions to the business actors involved in data-sharing domains and to MPC developers. Limitations: firstly, it was not possible to focus the research on data marketplace involved exclusively in the mobility domain and to reach theoretical saturation also for the fourth sub-research question of the study because of the difficulty of reaching informants. Secondly, two of the data marketplace providers interviewed worked for a data marketplace, which is not currently operating anymore. Moreover, in some cases, it was necessary to interview a person with a different role in the company compared to the one initially selected. Thirdly, since some of the interviewees did not have the time to study the MPC description document before the interview, it was necessary to verbally explain it, thus possibly affecting both the validation of the document and the understanding of the technology. Future research: Firstly, by conducting more interviews, it could be possible to identify more factors. Secondly, future research could be undertaken to validate the model of this research through quantitative studies. Thirdly, further researches could be pursued to update the taxonomy of data marketplaces. Fourthly, future research could be carried out to explore the introduction of secure MPC in other settings. Finally, it could be interesting to explore the different perspectives of the actors involved in a data marketplace (e.g. data providers and buyers).