Data clean rooms are safe and secure environments where multiple parties can bring their data together for advanced analysis, allowing enterprises and organizations to enable previously unexplored and blocked use-cases that required sensitive data collaboration. Data clean rooms facilitate analysis of sensitive and confidential data within pre-defined guidelines and privacy controls.
Decentriq’s data clean rooms leverage confidential computing technology and run in isolated Secure Enclaves, adding encryption of data in use to the usual encryption at rest and in transit. With this additional layer, no one, not even Decentriq or the cloud provider, can see the data that goes into or comes out of the system in the clear.
Data is also automatically encrypted by Decentriq when it is uploaded into a data clean room, so unauthorized third parties, Decentriq itself and the cloud provider are all prevented from accessing it, while a ‘privacy filter’ ensures that only aggregated results are released, protecting the confidentiality of individuals.
Combined with the privacy-conscious framework of data clean rooms, Decentriq provides completely new ways to collaborate with even the most sensitive and restricted data, as well as improved compliance with the data protection requirements of the General Data Protection Regulation of the European Union (GDPR).
Data Protection Requirements
The data protection requirements of Decentriq’s data clean rooms were assessed under the Federal Act on Data Protection of Switzerland (FADP) and the GDPR by a law firm in 2020.
Decentriq's data clean rooms were assessed to improve compliance with the majority of the GDPR's key principles.
Our implementation of confidential computing using secure enclaves enables our data clean rooms to offer features such as enhanced workload isolation and tamper-proof audit logs. These make it even easier for your enterprise to comply with data protection regulations while collaborating on sensitive and restricted data.
1. Encryption in-use
Leveraging confidential computing's encryption in-use technology in our data clean rooms, you can perform joint data analytics without having to share your sensitive data with your partners. This makes it easier for you to comply with the following principles:
- Fairness: Your sensitive data is never disclosed to the other party, nor to Decentriq or the cloud provider, and remains private in our data clean rooms. This allows you to analyze data that previously could not be analyzed, or was prohibited from being analyzed.
- Cross-Border Data Transfers: Encryption in use keeps the data encrypted at all times outside the enclave's protected memory, which mitigates the risks of cross-border data transfers by ensuring that no raw data actually leaves the jurisdiction in the clear.
- Prohibition to Disclose: Even if your enterprise is bound by professional secrecy under the FADP, you can still make use of your partner's client data without it ever being disclosed to you, or to anyone else, because our data clean room ensures that neither party in a joint analysis can access the other's data in the clear.
Further, the verifiability of our platform, through remote attestation of the enclave code, allows you to demonstrate that no third party had access to the data in the clear and thus that no secret information was disclosed.
- Privacy-by-design and Privacy-by-default: Decentriq’s entire approach incorporates this principle: no party, including Decentriq and the cloud provider, can see your data in the data clean room, by design. Only aggregated results leave the clean room, which further protects the confidentiality of your sensitive data.
2. Enhanced workload and data isolation
Because Decentriq's data clean room runs in an isolated Secure Enclave, only predefined, permitted analyses can be run, and only the aggregated results of those analyses can be retrieved. This makes it easier for you to comply with the following principles:
- Integrity and Confidentiality: The strong isolation and encryption provided by Decentriq's data clean room make unauthorized access to your data significantly harder.
- Data Minimization: You can perform joint analytics in our data clean rooms without having to share and duplicate the actual raw data.
- Purpose Limitation: Only pre-defined analyses can be run, so you know exactly which analysis was conducted on your data.
- Storage Limitation: Uploaded data can be analyzed in our platform, but it is not stored in our data clean rooms.
- Disclosure Privilege for 'Auxiliaries': As neither Decentriq, the cloud provider nor any other third party has access to the data clean room's encryption keys at any point in time, you avoid the existing uncertainties about whether IT providers qualify as auxiliaries. This also means that your uploaded data is not deemed to have been disclosed.
The combination of encryption in use and remote attestation in Decentriq's data clean rooms means that you always stay in control of your data, even during analysis.
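To make the "predefined analysis, aggregated results only" model concrete, the following is an added illustrative example (not Decentriq's code) of a joint analysis with a privacy filter. Two parties' inputs are joined on a shared customer identifier, purchases are aggregated per segment, and any segment built from fewer than a minimum number of matching records is suppressed before anything is released. The threshold MIN_GROUP_SIZE, the function names and the sample data are all constructed for the example.

```python
"""Joint analysis with a 'privacy filter' that releases only aggregates.

Added example, not Decentriq's implementation: it models an analysis that
would run inside the enclave on two parties' inputs and releases only group
aggregates, suppressing groups whose contributing record count falls below a
minimum size. Threshold, names and sample data are constructed.
"""
from collections import defaultdict

MIN_GROUP_SIZE = 5  # hypothetical suppression threshold

# Constructed sample inputs. In a clean room each party uploads its own data
# encrypted; neither party sees the other's rows, only the filtered output.
PARTY_A_SEGMENTS = {  # customer_id -> segment (Party A's data)
    "c01": "gold", "c02": "gold", "c03": "gold", "c04": "gold",
    "c05": "gold", "c06": "gold", "c07": "silver", "c08": "silver",
    "c09": "silver", "c10": "silver", "c11": "bronze", "c12": "bronze",
}
PARTY_B_PURCHASES = {  # customer_id -> purchase amount (Party B's data)
    "c01": 10, "c02": 20, "c03": 30, "c04": 40, "c05": 50,
    "c07": 5, "c08": 15, "c09": 25, "c11": 100, "c13": 999,
}


def joint_aggregate(segments, purchases):
    """Join both inputs on customer id and aggregate purchases per segment.

    Only customers present in both inputs contribute; a customer known to
    one party alone (e.g. c13) is dropped rather than revealed.
    """
    groups = defaultdict(list)
    for cid, amount in purchases.items():
        seg = segments.get(cid)
        if seg is not None:
            groups[seg].append(amount)
    return {seg: {"count": len(v), "sum": sum(v)} for seg, v in groups.items()}


def privacy_filter(aggregates, min_group_size=MIN_GROUP_SIZE):
    """Suppress any group built from fewer than min_group_size records.

    Returns (released_aggregates, names_of_suppressed_groups). Note that even
    the list of suppressed names reveals that those groups were small; a
    stricter filter would release only the count of suppressed groups.
    """
    released, suppressed = {}, []
    for seg, stats in aggregates.items():
        if stats["count"] < min_group_size:
            suppressed.append(seg)
        else:
            released[seg] = stats
    return released, sorted(suppressed)


def run_clean_room_analysis(segments, purchases, min_group_size=MIN_GROUP_SIZE):
    """The predefined analysis: everything before the filter stays inside the
    enclave; only the filter's output crosses the boundary to the parties."""
    return privacy_filter(joint_aggregate(segments, purchases), min_group_size)


if __name__ == "__main__":
    released, suppressed = run_clean_room_analysis(PARTY_A_SEGMENTS, PARTY_B_PURCHASES)
    print("released:", released)      # gold only: 5 matching customers
    print("suppressed:", suppressed)  # silver (3 matches) and bronze (1 match)
```

A minimum group size alone does not stop differencing attacks, where two permitted queries that differ by one individual are subtracted; that is why the set of analyses has to be fixed in advance rather than chosen freely after the data is in.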
3. Tamper-proof audit log
Finally, our data clean room features a tamper-proof audit log that is accessible only to you and your authorized partners, and that not even Decentriq can alter. This audit log ensures tamper-proof traceability of how the data was used, for every party involved.
Along with the transparent definition of each data clean room and the auditability of its code, this makes it easier for you to comply with the principle of Accountability.
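The following is an added example (not Decentriq's implementation) of the building block behind a tamper-evident audit log: a hash chain in which every entry's hash commits to the previous hash, so rewriting, inserting or reordering any entry breaks every hash after it. The class name, the GENESIS constant and the sample events are constructed for the example. It also shows the caveat a practitioner should keep in mind: a hash chain on its own does not detect truncation of the tail, so the current head hash has to be retained (or signed, for instance by the attested enclave) and compared on verification.

```python
"""Hash-chained, tamper-evident audit log.

Added example illustrating the kind of tamper-proof audit log described
above; it is not Decentriq's code. Names and sample events are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64  # hypothetical chain start value


def entry_hash(prev_hash, entry):
    """Hash an entry together with its predecessor's hash, using canonical
    JSON so that writer and verifier hash identical bytes."""
    payload = json.dumps({"prev": prev_hash, "entry": entry},
                         sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []  # list of (entry_dict, entry_hash)

    def head(self):
        """Hash of the latest entry; this is the value parties should retain."""
        return self.entries[-1][1] if self.entries else GENESIS

    def append(self, actor, action, detail):
        entry = {"seq": len(self.entries), "actor": actor,
                 "action": action, "detail": detail}
        h = entry_hash(self.head(), entry)
        self.entries.append((entry, h))
        return h

    def verify(self, expected_head=None):
        """Return (ok, index): index is the first bad entry, or the length
        when the chain is consistent. If expected_head is given, the chain
        must also end at that hash, which catches a truncated tail."""
        prev = GENESIS
        for i, (entry, h) in enumerate(self.entries):
            if entry.get("seq") != i or entry_hash(prev, entry) != h:
                return False, i
            prev = h
        if expected_head is not None and prev != expected_head:
            return False, len(self.entries)
        return True, len(self.entries)


def build_demo_log():
    """Constructed sequence of clean-room events."""
    log = AuditLog()
    log.append("party_a", "upload", "dataset=segments")
    log.append("party_b", "upload", "dataset=purchases")
    log.append("party_a", "run_analysis", "query=purchases_by_segment")
    return log


def tamper_demo():
    """Rewrite history in place: verification fails at the edited entry."""
    log = build_demo_log()
    log.entries[1][0]["detail"] = "dataset=something_else"
    return log.verify()  # (False, 1)


def truncation_demo():
    """Drop the last entry: the chain still verifies on its own, but not
    against the head hash that was retained before the deletion."""
    log = build_demo_log()
    head = log.head()
    log.entries.pop()
    return log.verify(), log.verify(expected_head=head)  # ((True, 2), (False, 2))


if __name__ == "__main__":
    print("intact:", build_demo_log().verify())
    print("tampered:", tamper_demo())
    print("truncated:", truncation_demo())
```

In a deployment the head hash would be signed by a key that exists only inside the attested enclave and distributed to every party, so that no single party, and not the operator, can quietly replace the log with a shorter but internally consistent one.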
By leveraging confidential computing and encryption in-use technology, Decentriq's data clean rooms provide you with a level of data security and protection that goes beyond existing data analytics platforms.
You can now work on sensitive data with your internal and external partners while completely preserving privacy of your data and adhering to strict regulatory standards.
This allows you to enhance your enterprise’s data privacy and security while collaborating on the most sensitive and restricted data securely and easily in Decentriq's data clean rooms.
Reach out to us to discover how our data clean rooms can benefit your enterprise, or request a full legal memorandum today.