Computers and Society 18 JAN, 2016

End-to-End Privacy for Open Big Data Markets

End-to-End Privacy for Open Big Data Markets

The idea of an open data market envisions the creation of a data trading model to facilitate exchange of data between different parties in the Internet of Things (IoT) domain. The data collected by IoT products and solutions are expected to be traded in these markets. Data owners will collect data using IoT products and solutions. Data consumers who are interested will negotiate with the data owners to get access to such data. Data captured by IoT products will allow data consumers to further understand the preferences and behaviours of data owners and to generate additional business value using different techniques ranging from waste reduction to personalized service offerings. In open data markets, data consumers will be able to give back part of the additional value generated to the data owners. However, privacy becomes a significant issue when data that can be used to derive extremely personal information is being traded. This paper discusses why privacy matters in the IoT domain in general and especially in open data markets and surveys existing privacy-preserving strategies and design techniques that can be used to facilitate end to end privacy for open data markets. We also highlight some of the major research challenges that need to be address in order to make the vision of open data markets a reality through ensuring the privacy of stakeholders.

💡 Research Summary

The paper envisions an open data market built on the massive streams of information generated by Internet‑of‑Things (IoT) devices. In this model, data owners—individuals or organizations that deploy sensors, wearables, smart appliances, etc.—collect raw measurements and make them available on a marketplace. Data consumers, ranging from service providers to analytics firms, negotiate access, purchase the data, and apply advanced analytics to extract business value such as personalized services, operational efficiency, waste reduction, or predictive maintenance. A key incentive for owners is the possibility of receiving a share of the additional value created by consumers.

However, the very richness of IoT data—location traces, health metrics, behavioral patterns—creates severe privacy concerns. When data are traded across multiple intermediaries and processed with powerful inference techniques, the risk of re‑identification or unintended disclosure rises dramatically. The authors argue that privacy must be protected not only at the point of collection but throughout the entire lifecycle: collection, transmission, market transaction, and consumption. This “end‑to‑end” privacy perspective goes beyond simple anonymisation.

The survey of existing techniques covers four main families. Differential privacy (DP) adds calibrated noise to query results, limiting the influence of any single record. While DP offers strong theoretical guarantees, selecting the privacy budget (ε) and handling cumulative noise over repeated queries are practical challenges. Homomorphic encryption (HE) enables computation on encrypted data, preventing raw data exposure, but its computational overhead remains prohibitive for real‑time IoT streams. Secure multi‑party computation (SMPC) allows multiple parties to jointly compute functions without revealing their inputs, yet it suffers from high communication costs and scalability limits. Finally, blockchain‑based smart contracts provide immutable audit trails and automated enforcement of usage policies, fostering trust among participants.

Building on these foundations, the paper proposes a multi‑layer privacy framework. At the device edge, owners apply lightweight DP to produce a baseline anonymised dataset. For highly sensitive subsets, they employ HE or SMPC to keep the data encrypted while still allowing authorized analytics. All market interactions are recorded on a permissioned blockchain, where smart contracts encode the terms of use—purpose, duration, compensation, and permissible analytics. Violations trigger automatic penalties, ensuring compliance. Consumers retrieve data under the contract’s conditions, optionally adjusting the DP parameters to balance utility against privacy, or performing encrypted computations directly on the protected data.

The authors identify several open research challenges that must be addressed before such markets become viable. First, IoT devices have limited processing power, memory, and energy, demanding ultra‑lightweight cryptographic and privacy algorithms. Second, a principled model is needed to optimise the trade‑off between the privacy budget (ε) and the economic value derived from the data. Third, mechanisms for transparent auditing, dispute resolution, and reputation management are essential to build trust among heterogeneous stakeholders. Fourth, regulatory alignment with frameworks such as the EU GDPR and Korea’s Personal Information Protection Act must be ensured, requiring legal‑technical bridges.

In conclusion, the paper argues that only by integrating differential privacy, advanced encryption, secure computation, and blockchain‑based governance into a coherent end‑to‑end architecture can open IoT data markets deliver fair value while safeguarding the privacy of all participants.