Privacy-preserving and identity management technologies

Expected Outcome:

Projects’ results are expected to contribute to some or all of the following outcomes:

• Improved scalable and reliable privacy-preserving and identity management technologies for federated and secure sharing and for processing of personal and industrial data and their integration in real-world systems;
• Improving privacy-preserving technologies for cyber threat intelligence and data sharing solutions;
• Privacy by design;
• Contribution to promotion of GDPR compliant European data spaces for digital services and research (in synergy with DATA Topics of Horizon Europe Cluster 4). Also, contribution to the promotion of eID Regulation compliant European solutions;
• Research and development of self-sovereign identity management technologies and solutions;
• Provide resource efficient and secure digital identity solutions for Small and medium sized enterprises (SME);
• Strengthened European ecosystem of open-source developers and researchers of privacy-preserving solutions;
• Usability of privacy-preserving and identity management technologies.

Scope:

Using big data for digital services and scientific research brings about new opportunities and challenges. For example, machine-learning methods process medical and behavioural data in order to find causes and explanations for diseases or health risks. However, a large amount of this data is personal data. Leakage or abuse of this kind of data, potential privacy risks (e.g. attribute disclosure or membership inference) and identity compromises pose threats to individuals, society and economy, which hamper further developing data spaces involving personal data. Likewise, there are similar challenges for the exploitation of non-personal/industrial data assets that may compromise the opportunities offered by the data economy. Advanced privacy-preserving technologies such as, for example, cryptographic anonymous credentials, homomorphic encryption, secure multiparty computation, and differential privacy have the potential to address these challenges. However, further work is required to ensure and test their applicability in real-world use case scenarios.

The security of any digital service or the access to data is based on secure digital identities. The eID Regulation provides the legal framework on which to build technological solutions that address the user needs concerning their digital identity. With regards to personal data, it is also important to develop self-sovereign identity solutions that give users complete control on their personal data and use.

Proposals should address usability, scalability and reliability of secure and privacy-preserving technologies in supply chain and take integration with existing infrastructures and traditional security measures into account. They should further take into account, whenever needed, the legacy variation in data types and models across different organizations. The proposed solutions should be validated and piloted in realistic, federated data infrastructures such as, for example, European data spaces. They should ensure compliance with data regulations and be GDPR compliant by-design. Open-source solutions are encouraged.

Consortia should bring together interdisciplinary expertise and capacity covering the supply and the demand side, i.e. industry, service providers and, where relevant, end-users. The use of authentication and authorisation infrastructure framework tools developed for data spaces, and notably with the European Open Science Cloud, could be considered. Participation of SMEs is strongly encouraged. Legal expertise should also be added to ensure compliance of the project results with data regulations and the GDPR.

The identification and analysis of potential regulatory aspects and barriers for the developed technologies/solutions is encouraged, where relevant.