SEAL icon indicating copy to clipboard operation
SEAL copied to clipboard
verified publisher icon microsoft

Why Homomorphic encryption cannot be used to enable data scientists to circumvent GDPR?

Open macknight opened this issue 3 years ago • 7 comments

"Homomorphic encryption cannot be used to enable data scientists to circumvent GDPR." why couldn't it be used to circumvent GDPR? GDPR aims to protect privacy, right? And HE could make customer data private in all the computation processes. So HE is a good way to circumvent GDPR, isn't it?

macknight avatar Jul 27 '22 02:07 macknight

image

macknight avatar Jul 27 '22 02:07 macknight

And HE could make customer data private in all the computation processes.

Then who will decrypt the result? Why wouldn't it decrypt the encrypted data before computation?

WeiDaiWD avatar Jul 28 '22 00:07 WeiDaiWD

I mean GDPR is aimed at protecting personal data and privacy? And HE could protect the user's data by encrypting it and sending the encrypted data to cloud services for computation and the user, at last, get the encrypted result and then user decrypts the encrypted result to get the actual result while cloud services do not know the user's privacy because the data is encrypted when cloud services handle the data. This satisfies the aim of GDPR to protect privacy. so looks like HE could work well with GDPR. Does "circumvent" the same meaning as "work well"?

macknight avatar Aug 01 '22 06:08 macknight

You'd better consult with a privacy law attorney. I cannot offer legal advice here. What I know is that "satisfying the aim of GDPR" is different from "complying with GDPR".

WeiDaiWD avatar Aug 01 '22 19:08 WeiDaiWD

You'd better consult with a privacy law attorney. I cannot offer legal advice here. What I know is that "satisfying the aim of GDPR" is different from "complying with GDPR".

Thank you. So why "Homomorphic encryption cannot be used to enable data scientists to circumvent GDPR." is basically because HE is a technique thing while GDPR is a law thing thus they could not be talked about in the same sense, right?

macknight avatar Aug 02 '22 05:08 macknight

So why "Homomorphic encryption cannot be used to enable data scientists to circumvent GDPR." is basically because HE is a technique thing while GDPR is a law thing thus they could not be talked about in the same sense, right?

Right, GDPR does not specify techniques.

WeiDaiWD avatar Aug 09 '22 18:08 WeiDaiWD

So why "Homomorphic encryption cannot be used to enable data scientists to circumvent GDPR." is basically because HE is a technique thing while GDPR is a law thing thus they could not be talked about in the same sense, right?

Right, GDPR does not specify techniques.

Cheers

macknight avatar Aug 11 '22 05:08 macknight