A Framework for Ethical Research
Driving Transparency and Ethical Innovation
In an era where personal data drives innovation but privacy concerns limit access, Privact offers a groundbreaking solution for ethical research. Our ecosystem empowers large-scale, transparent analysis of personal data while preserving individual privacy and ensuring streamlined regulatory compliance.
Consented Insights
By joining Privact, you not only gain access to a rich, dynamic dataset but also help establish a new paradigm for user-consented research that elevates study quality and aligns with evolving ethical standards.
Why Join the Privact Research Ecosystem?
High-Quality Data: Empowering Ethical Research
- Reliable & Ethically Sourced: Gain insights with active consent from a large, engaged user base. Our protocols ensure that every data point is collected with user approval, then anonymized and aggregated to maintain accuracy without compromising individual privacy.
- Trust & Transparency: Our transparent processes ensure ethical standards and promote socially responsible research that is both accurate and meaningful.
Extensive User Insights: Global Perspectives for Impact
- Actionable Data, Worldwide: Tap into an ever-growing dataset that allows for deep insights from users around the globe. Our system is set to become the largest distributed source of user data – both in terms of data points per user and number of participating users. A central database schema ties it all together, making it easy for you to formulate precise research questions and uncover actionable patterns.
- Enhanced Real-World Impact: Privact lets you gain a comprehensive perspective across international contexts. This makes your research more impactful and supports evidence-based decision making.
Accelerated Insights: Revolutionizing Research Speed
- Rapid Data Analysis: Our automated data analysis protocols deliver actionable insights in hours rather than weeks, significantly accelerating your research cycles.
- Agile Innovation: Maintain a competitive edge in a fast-paced environment by quickly testing hypotheses, validating assumptions, and gaining exploratory insights.
Cost-Effective Solutions: Affordable Innovation and Regulatory Compliance
- Optimized Data Management: Privact reduces the high cost traditionally associated with data collection, storage and analysis. This allows you to make user-data-driven decisions the new normal for your innovation and product development.
- Built-In Regulatory Compliance: Benefit from Privact’s system designed to meet modern regulatory demands. It ensures that your research meets strict compliance standards while minimizing associated costs.
Understanding Sample Bias: Ensuring Credible Research
- Transparent Bias Analysis: Our ecosystem automatically evaluates user consent patterns, providing clear insight into the sample bias of your research.
- Enhanced Credibility: Use knowledge of sample bias to adjust your study parameters, strengthening the validity and applicability of your research.
Federated Secure Aggregation: Unlock Insights, Preserve Privacy
- State-of-the-Art Security: Privact’s Federated Secure Aggregation Protocol uses a combination of end-to-end and homomorphic encryption to securely process data. Data is encrypted on user devices before being aggregated within a federated network, ensuring that individual identities remain completely anonymous.
- Robust and Transparent: The protocol is designed to meet rigorous privacy standards and regulatory requirements, offering researchers only aggregated results while keeping raw data confidential. Detailed logging and audit trails further enhance transparency and trust.
- Scalable Integration: The protocol works across a vast network of user devices. It minimizes the risk of centralized breaches and supports large-scale research initiatives without compromising speed or security.
How to Leverage Privact for Your Research
Privact’s research ecosystem empowers institutions to conduct groundbreaking studies while maintaining strict ethical standards and user privacy. By joining as a research organization, you gain consent-driven access to a unique, vast dataset while contributing to a new paradigm of transparent, user-empowered research.
1. Sign Privact’s Research Terms & Conditions
Begin by signing Privact’s Research Terms & Conditions. This agreement confirms your commitment to conducting ethical, consent-driven research. As part of this process, your organization agrees to:
- Report on Social Behavior: Fill out questionnaires to report on your organization’s social behavior across various criteria. This data is used to determine which users will participate in your study (see Step 3).
- Ensure Recipient Transparency: You must always disclose all recipients of the results of your research. To maintain the integrity of Privact’s consent mechanisms, you are not allowed to share any results privately with anyone other than the recipients you stated when starting a study. You may, however, make the results publicly available at any time.
- Regular Audits: Allow audits to verify that your organization complies with Privact’s standards for user consent and ethical research practices.
Once these steps are completed, your organization will be approved to conduct research within the Privact ecosystem.
2. Prepare Your Study
Design your study using Privact’s Study Creation Web Service. It makes it easy for you to select the exact data points required, based on the central database schema. Additionally, define:
- Participation Criteria: Specify demographic, behavioral, or other relevant prerequisites that participants must meet to qualify.
- Sample Size: Configure the minimum number of participants required to ensure statistically robust results.
Once configured, your study is ready for deployment across the Privact network.
3. Automatically Conduct Your Study
Privact’s Federated Secure Aggregation Protocol handles research execution with zero direct user interaction:
- Consent-Driven Participation: Eligibility is automatically determined based on users’ social responsibility expectations. Only those users whose expectations align with your organization’s audit-verified social behavior contribute their data.
- Encrypted Data Collection: Participating user devices respond automatically. User data gets encrypted using a combination of end-to-end and homomorphic encryption. This ensures that raw personal data remains unreadable throughout the entire process.
- Federated Secure Aggregation: The encrypted data from different users is aggregated securely in a distributed network. This process is fully automated and preserves the anonymity of individual users by revealing only sufficiently aggregated statistical results.
- Fast Results: Once all data is aggregated, the final result is decrypted on Privact’s central server and delivered to your organization – all within hours and without ever exposing any individual data points.
4. Lead Ethical Innovation
By participating in the Privact ecosystem, you are not just conducting studies – you are setting a new standard for ethical, transparent, user-centric research.
The Privact Research Framework helps you position your institution as a leader in innovative research that balances cutting-edge data analysis with stringent privacy protections.
The Federated Secure Aggregation Protocol
Privacy-Preserving Insights Explained
The Privact Ecosystem employs the Federated Secure Aggregation Protocol to enable privacy-preserving research. The following detailed explanation outlines each step of the protocol, demonstrating its commitment to user privacy and data security.
1. Study Creation
Use the Privact Study Creation Web Service to set up your research. Simply define the needed data with the help of our central database schema and outline the participation criteria. When you are ready, launch your study.
2. Automated Study Participation
Privact-enabled devices periodically download new studies. The client software automatically answers all studies with data from the user’s local database. No direct user interaction is required to complete studies.
Providing swarm protection: the study will be filled with randomized data if
- a user does not meet the study requirements, or
- the research organization’s behavior does not match the user’s expectations.
3. Secure Infrastructure Setup
Privact’s Secure Aggregation is based on the combination of two encryption technologies:
- Randomly selected user clients are assigned as aggregation clients and generate study-specific public/private key pairs for end-to-end encryption (E2EE).
- The server generates a public/private key pair for homomorphic encryption (HE). Homomorphic encryption allows computations to be performed directly on encrypted data without decrypting it, ensuring privacy during processing.
4. User-Side Encryption
After completing a study, the local client processes all data before sending it to the Privact server:
- First, the study data is encrypted with the public homomorphic encryption key, so computations can be done on the encrypted data without exposing its content.
- The “participation bit” is added to indicate whether the user’s contribution is genuine or obfuscation data, which safeguards all users through swarm protection.
- Everything is then encrypted a second time, this time using the public end-to-end encryption key of a randomly selected aggregation client. This ensures that only the designated aggregation client can decrypt and process the data.
- Finally, the chosen aggregation client’s public end-to-end encryption key is added to the message, so the server can assign it to the correct aggregation client.
5. Federated Study Processing
The Privact server gets the encrypted messages from the user clients and starts the aggregation process:
- First, the server removes personal data, such as IP addresses.
- Messages are sorted by aggregation clients, identified by the attached public end-to-end encryption keys.
- Aggregation clients periodically retrieve their assigned messages from the server.
- Each client decrypts its messages using its private end-to-end encryption key.
- The clients then discard any obfuscation data indicated by the “participation bit”.
- Valid, still homomorphically encrypted messages are aggregated.
- Once sufficient data has been processed, the client sends the aggregated and still homomorphically encrypted data back to the Privact server.
6. Server-Side Aggregation
The server aggregates the homomorphically encrypted data from multiple aggregation clients until a pre-defined response threshold is met. It then decrypts the aggregated data using its private homomorphic encryption key to reveal the final study results.
Edge case handling: In rare cases, low response numbers in certain cells of the study could compromise individual privacy. In these cases, the server will:
- Extend the study to collect more responses.
- If this does not work, merge the affected cells with neighboring cells.
- If that also fails, remove the affected data points entirely.
7. Closing the Study
Once all privacy safeguards are verified and the aggregated data meets quality standards, the study is closed and removed from the Privact Study Server. The final results are then delivered to the study issuer.
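To make steps 4 to 6 concrete, here is an added simulation (example code, not Privact's own implementation) of the user-side encryption, the aggregation clients' obfuscation filtering and the server's final decryption with cell merging and removal. It assumes Paillier as the additively homomorphic scheme (the page names no scheme), a study that counts users per age band, and stands in for the aggregation client's E2EE key with a plain routing id; the age bands, demo primes, response threshold and per-cell minimum k are constructed values.

```python
import math, secrets
CELLS = ["18-29", "30-44", "45-64", "65+"]  # constructed study cells (age bands)

def he_keygen(p, q):
    """Paillier key pair held by the server (p, q primes, e.g. 10**9+7 and 10**9+9)."""
    n, lam = p * q, (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n * n) - 1) // n, -1, n)
    return n, (lam, mu)

def he_encrypt(n, m):
    r = secrets.randbelow(n - 1) + 1
    return pow(n + 1, m, n * n) * pow(r, n, n * n) % (n * n)

def he_decrypt(n, sk, c):
    return (pow(c, sk[0], n * n) - 1) // n * sk[1] % n

def he_sum(n, vectors):
    """Cell-wise sum of encrypted vectors: a ciphertext product encrypts the plaintext sum."""
    total = [1] * len(CELLS)  # 1 is the trivial Paillier encryption of 0
    for vec in vectors:
        total = [t * c % (n * n) for t, c in zip(total, vec)]
    return total

def user_message(n, answer, genuine, agg_key_id):
    """Step 4: HE-encrypt a one-hot answer (random data when obfuscating), attach
    the participation bit and the target aggregation client's key id. The E2EE
    layer that hides (cells, genuine) from the server is not modelled here."""
    cell = answer if genuine else secrets.choice(CELLS)
    cells = [he_encrypt(n, int(c == cell)) for c in CELLS]
    return {"to": agg_key_id, "inner": (cells, genuine)}

def aggregation_client(n, msgs):
    """Step 5: discard obfuscation data, then sum the still-encrypted answers."""
    return he_sum(n, [cells for cells, genuine in (m["inner"] for m in msgs) if genuine])

def server_finalise(n, sk, partials, threshold, k):
    """Step 6: combine partials, decrypt, enforce the response threshold, then
    merge or remove cells with fewer than k responses (study extension not shown)."""
    counts = [he_decrypt(n, sk, c) for c in he_sum(n, partials)]
    if sum(counts) < threshold:
        return None  # too few responses overall: the server would extend the study
    labels, out = list(CELLS), {}
    for i, val in enumerate(counts):
        if val >= k:
            out[labels[i]] = val
        elif i + 1 < len(CELLS):  # thin cell: merge it into the next cell
            labels[i + 1] = labels[i] + "|" + labels[i + 1]
            counts[i + 1] += val
    return out  # a final cell still below k is removed entirely
```

Neither the aggregation clients nor the server ever see a per-user answer in the clear: the clients only learn the participation bit, and the server only decrypts the combined counts.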
Your Questions, Answered
What types of entities can participate in the Privact research network?
Any entity seeking to analyze data from the shared Privact user data pool can participate in our research network. This includes commercial enterprises, non-profit organizations, scientific institutions, NGOs, Free Software projects, and other similar entities. All participating entities must agree to and comply with Privact’s “Research Terms and Conditions” (currently under development).
Can individuals access the Privact user data pool directly?
No, individuals cannot directly access the Privact user data pool at this time. The Privact consent mechanism requires an organizational partner to ensure accountability, ethical data handling, and adherence to our “Research Terms and Conditions”. However, we encourage individual researchers or students to collaborate with a university, research institution, or NGO that can join our research network as a Privact research partner. Feel free to contact us to explore options for your specific situation.
What are the obligations of a research entity joining the Privact ecosystem?
By participating in the Privact ecosystem, research entities commit to the following:
- Transparent Social Behavior Reporting: Regularly report on their social behavior using the “Privact Social Behavior Reporting Scales,” ensuring accuracy and timely updates. This is critical for matching research with user consent preferences.
- Data Recipient Transparency: Disclose all parties who will receive the research results. To maintain consent integrity, sharing results with parties not declared at the time the research was conducted is prohibited.
- Audit Compliance: Agree to undergo audits by Privact or commissioned auditors to verify compliance with the Research Terms and Conditions.
What if our research entity wants to openly share our research results?
Privact supports open science and transparent research practices. If your research entity chooses to openly share its findings, fewer restrictions apply regarding the consent mechanism. Users can opt in to always participate in open-source research initiatives. In such cases, the research methodology, results, and the entity initiating the research will be published on a publicly accessible Privact survey board, making the findings available to everyone. This option is particularly beneficial for journalists, NGOs, and other organizations that prioritize broad dissemination of knowledge.
What are the benefits for a research entity participating in the Privact ecosystem?
Participating in the Privact ecosystem offers several key advantages:
- Ethical Research Foundation: Ensure users have freely and explicitly opted into participating in your research, establishing a strong ethical foundation.
- High-Quality Data: Users are incentivized to keep their personal data accurate and up-to-date, leading to more reliable research results.
- Extensive Dataset: Explore diverse personal data types per user, enabling comprehensive and nuanced research opportunities.
- Vast User Base: Tap into a growing pool of potential participants, ensuring statistically relevant sample sizes.
- Rapid Responses: Obtain swift results through automated, user-interaction-free research processes, accelerating your research cycles.
- Cost-Effectiveness: Reduce research expenses with automated data collection and analysis, maximizing your research budget.
- GDPR Compliance: Ensure compliance by never receiving raw data, only aggregated statistics, mitigating GDPR concerns and simplifying regulatory adherence.
- Sample Bias Transparency: Gain insights into sample bias through Privact’s reporting scales, enhancing the credibility and applicability of your research findings.
How does data flow from the perspective of research within Privact?
The Privact ecosystem ensures a secure, privacy-preserving, and consent-driven data flow for research:
- Data Creation: Research never creates personal data – only products or services within the Privact ecosystem can do that. Research only generates anonymous statistics derived from aggregated user data.
- Data Storage: Research entities cannot access or store raw personal data, ensuring compliance with privacy regulations.
- Data Collection: The inclusion of personal data in research always depends on individual user consent. Matching is based on user expectations and the entity’s reporting on the “Privact Social Behavior Reporting Scales.”
- Data Processing: All data processing is conducted using the Privact “Federated Secure Aggregation Protocol” on randomly selected user clients. Final privacy checks are performed on Privact’s servers to ensure 100% anonymity.
- Use Permit: Research results are restricted to the entities specified at the time of the study, unless they are publicly released via the Privact survey board.
Can Privact user data be used to train AI models?
Yes, Privact plans to integrate consent-based training for AI models to ensure ethical and privacy-preserving machine learning. This training will occur in a distributed manner on users’ local devices, adhering to the following principles:
- Explicit User Consent: Training will only occur with explicit user consent, based on clearly defined parameters regarding data usage and model purpose.
- Anonymization Techniques: State-of-the-art anonymization techniques will be employed to protect user privacy during the training process and when utilizing the AI (specific techniques to be determined).
- Data Recipient Transparency: Users will be informed about the entities utilizing the resulting AI model.
- Audit Compliance: Training processes will be subject to audits to ensure adherence to Privact’s ethical and privacy standards.
Still have questions?
Feel free to email us anytime – we are here to help!