NGI Trustchain Open Call #2
Trustworthy online platforms that preserve user’s data privacy and provide strong data governance frameworks are the focus of this TrustChain Open Call 2 (OC2) on “User Privacy and Data Governance”.
This Open Call 2 welcomes applications that will clearly define, upgrade/extend the state-of-the-art, and develop the following types of solutions:
– Enhanced Consent profiles to implement transparent and user-friendly consent mechanisms that clearly explain how user data will be collected, used, and shared. A mechanism to provide users the ability to form informed consent and easily manage their privacy preferences in data sharing models.
– Data Minimization and Purpose Limitation techniques built in the web framework so that only necessary data is collected for legitimate purposes. Data owners should have means to share only data necessary to access a particular service.
– Secure data exchange and privacy-aware data processing must be the cornerstone of the new data economy. Privacy of training data, machine-learning models and model parameters should be aimed for.
– Developing new privacy preserving data flow techniques in line with international data sharing agreements (e.g., EU Data Spaces) so that the user has choice to tune data parameters for trading/sharing of data.
– Develop new mechanisms in line with the international data flows standards so that the data can move freely within the EU and across international borders including USA, Japan and China.
– Data identification, data provenance, data tracking mechanisms should be built so that the data that is exchanged can be tracked. Handling of the data according to the user consent provided in a data exchange should be verifiable.
– Data certification/verification methods should be developed to verify the trustworthiness of the data.
– Modern privacy enhancing technologies, such as local differential privacy and other interactive privacy techniques, taking also into account online publicly available datasets that can be linked to the original data.
– Data obfuscation, perturbation and anonymization techniques or their combination that properly address the trade-off between privacy-preservation and data utility.
• Privacy-preserving data oracles,
• Privacy-preserving data processing techniques using technologies such as Homomorphic Encryption and Trusted Execution Environments,
• Data anonymization and perturbation techniques,
• Privacy-by-design microservice architectures,
• General-purpose DLT-based solutions for privacy and data governance,
• Smart contracts for user privacy and data governance.
Applicants have to submit a proposal that serves the overall TrustChain vision and objectives, while also fitting within the scope of human centric decentralised trustworthy Next Generation Internet protocols.
Proposed solutions should utilize existing concepts and technologies already developed for data value sharing and preserving user-privacy and fit within TrustChain’s vision and objectives. The solutions should:
– be provided as open-source software,
– tested and evaluated by an adequate pool of potential end-users that should be identified and mentioned in the application
– supported by a self-sustaining business model for exploiting the developed system at the end of the project.
Each proposed solution will have to use the latest technologies for full-stack development that are compatible with the current standards.
Projects selected and funded by the TRUSTCHAIN consortium will have to deliver four deliverables during their participation process. These deliverables are mandatory.
They are defined below:
o D1: State of the art overview, use case analysis and preliminary technical specification of the solution.
o D2: Detailed technical specification of the solution, software implementation work plan, demo scenarios, the number of end users that will be involved in any pilots, and preliminary business plan;
o D3: Implementation, deployment in an appropriate TRUSTCHAIN platform, testing, demonstration and validation roadmap in a real life application (i.e., banking, education, healthcare, utilities, defence or cross-border travel), and result of the validation process; and,
o D4: Modularised software components ready for distribution, full documentation for developers/users, final business plan.
Up to 117K EUR funding will be distributed per 9-month project to a maximum of 17 projects.
Applicants can apply as individuals or linked to a legal entity.
Hence, the participation is possible in several ways:
o Team of natural person(s):
Team of individuals, all established in any eligible country. This does not consider the country of origin but the residence permit.
o Legal entity(ies):
One or more entities (consortium) established in an eligible country. It can be Universities, research centres, NGOs, foundations, micro, small and medium- sized enterprises (see definition of SME according to the Commission Recommendation 2003/361/EC), large enterprises working on Internet or/and other related technologies are eligible.
o Any combination of the above.