Software that orchestrates secure and compliant data collaborations

As businesses grow increasingly reliant on data to make strategic decisions, more and more companies and organizations decide to collaborate and share information with each other. EPFL spin-off Tune Insight has developed a software program that allows users to process and analyze encrypted data from multiple sources, while keeping sensitive and confidential information protected against theft.
© 2022 EPFL

Big data is a big deal. In recent years, businesses and organizations in countless sectors and industries – healthcare, insurance, transport, politics and beyond – have developed statistical and analysis techniques to capture deeper and more targeted insights from customer, competitor and patient data, from product impact information and more. However, the amount of data that companies and organizations can collect is limited by regulations and practical constraints. The path to better analyses, modeling and forecasting lies in bringing in data from more sources. That’s why businesses and organizations are increasingly entering into bilateral data-sharing agreements. But they’re doing so cautiously, amid fears around data theft and confidentiality. The EPFL Center for Digital Trust spin-off Tune Insight has developed a new software program to support wider and more extensive data collaborations.

The decentralized system, the only one of its kind in the world, orchestrates secure collaborations around encrypted data from multiple sources while keeping sensitive and confidential information protected against disclosure. This technology, which is fully scalable and can be deployed remotely, has been successfully trialed on various types of data including medical records – arguably the most sensitive type of information. “What’s more, our system keeps organizations compliant with strict data protection laws and regulations such as the GDPR, which governs data processing in the European Union and for European citizens,” says Dr. Juan Troncoso-Pastoriza, CEO of Tune Insight. He adds that “we are entering a new era of data protection, with the ability to also encrypt data in use, in addition to encrypting data at rest and in transit. Tune Insight is at the forefront of this major transition.”

Data remains encrypted at all times

Tune Insight’s software prevents businesses and organizations from falling afoul of the GDPR, because the data is never transferred. The system mines the data for information, but the communications and calculations remain encrypted at all times. The technology is based on the principle of multiparty homomorphic encryption: an encryption algorithm hides certain numerical values in the data without compromising the ability to process it as normal. “Our technology captures the same insights from encrypted data as a conventional system processing unencrypted information,” says Troncoso-Pastoriza.

The software is the culmination of many years of research carried out at EPFL’s Laboratory for Data Security (LDS). It allows users to statistically analyze data and develop artificial intelligence models collaboratively without having to share the underlying data sets. “Existing technologies fall short of the mark when it comes to data protection,” explains Troncoso-Pastoriza. “They require organizations to share intermediate results, or they add noise to the data. In other words, they partially protect information against leaks by sacrificing accuracy.” The novel approach taken by Tune Insight opens up exciting new avenues for collaboration: by providing enhanced security guarantees, the system will make the process of negotiating multilateral data transfer and processing agreements much more straightforward. This has significant implications in healthcare, for example, where streamlined processes could speed up the development of improved diagnostics and treatments for cancer, rare diseases and other conditions.

Protoyping and pilots underway

Researchers at the LDS tested the system as part of a wide-ranging predictive, preventive, personalized and participatory (P4) medicine study, working with colleagues at Lausanne University Hospital (CHUV), Geneva University Hospitals (HUG) and the University Hospital of Bern. As part of the same study, the LDS team collaborated with researchers from the Broad Institute and MIT, accurately reproducing the results of two separate pieces of research that originally used unencrypted data. Their findings were published in Nature Communications in October.

Tune Insight, which is based at EPFL’s Innovation Park, completed an initial fundraising round with Wingman Ventures. It also reached the second stage of Venture Kick. The team behind the spin-off has presented the technology at various conferences, including at the Web Summit in Lisbon in November 2021. The company has released pilot versions of its software for the healthcare sector and is currently developing prototypes for cybersecurity, supply chain, insurance, banking and other industries.