Multi-party Computation Protocols for Post-Market Fairness Monitoring in Algorithmic Hiring: From Legal Requirements to Computational Designs

Post-market fairness monitoring is now mandated to ensure fairness and accountability for high-risk employment AI systems under emerging regulations such as the EU AI Act. However, effective fairness monitoring often requires access to sensitive personal data, which is subject to strict legal protections under data protection law. Multi-party computation (MPC) offers a promising technical foundation for compliant post-market fairness monitoring, enabling the secure computation of fairness metrics without revealing sensitive attributes. Despite growing technical interest, the operationalization of MPC-based fairness monitoring in real-world hiring contexts under concrete legal, industrial, and usability constraints remains unknown. This work addresses this gap through a co-design approach integrating technical, legal, and industrial expertise. We identify practical design requirements for MPC-based fairness monitoring, develop an end-to-end, legally compliant protocol spanning the full data lifecycle, and empirically validate it in a large-scale industrial setting. Our findings provide actionable design insights as well as legal and industrial implications for deploying MPC-based post-market fairness monitoring in algorithmic hiring systems.

💡 Research Summary

**
The paper tackles the pressing need for post‑market fairness monitoring of high‑risk employment AI systems under the EU AI Act, while simultaneously complying with the GDPR’s strict rules on processing special categories of personal data. The authors argue that traditional privacy‑preserving techniques such as differential privacy (DP) are ill‑suited for hiring contexts because the injected noise can substantially degrade the statistical reliability of fairness metrics, especially when sample sizes are limited. Multi‑party computation (MPC), by contrast, enables exact computation over encrypted data, preserving the fidelity required for accurate bias detection.

To move beyond theoretical proposals, the researchers adopt a three‑party co‑design methodology that brings together (1) a computer‑science team specializing in privacy‑enhancing technologies, (2) a legal team expert in the AI Act, GDPR, and anti‑discrimination law, and (3) an industry team operating one of Europe’s largest recruitment platforms (over 10 million candidates and 60 000 active employers). Over the course of 2024‑2025, the groups iteratively defined concrete design requirements. The legal analysis distilled obligations such as data minimisation, purpose limitation, storage limitation, privacy‑by‑design, and the necessity of a trusted third party (TTP) to mitigate power‑imbalances that would otherwise invalidate consent for processing sensitive attributes. The industry side contributed practical constraints regarding data pipelines, latency budgets, usability for recruiters, and integration with existing risk‑management systems.

Guided by these requirements, the authors design an end‑to‑end MPC‑based monitoring protocol that spans the entire data lifecycle:

1. Data Collection & Consent – Candidates provide explicit, freely given consent via a web interface. Sensitive attributes (e.g., ethnicity, gender, sexual orientation) are encrypted client‑side and forwarded to a legally independent TTP rather than the hiring company.
2. Secret Sharing & Storage – Both the platform and the TTP split each attribute into secret‑shares (using additive secret sharing) and store them separately, ensuring that no single party can reconstruct the raw data.
3. Secure Fairness Computation – Using an adapted SPDZ/ABY protocol, the parties jointly compute group‑level fairness metrics (selection rates, disparate impact, equalized odds, etc.) on the encrypted shares. The protocol is optimized for batch processing: linear operations are performed offline, while non‑linear checks (e.g., comparisons) are executed online with minimal communication overhead.
4. Result Presentation – The computed metrics, stripped of any individual‑level information, are delivered to a dashboard that visualises trends, triggers alerts when thresholds are breached, and logs evidence for regulatory audits.

The implementation was open‑sourced (anonymous for review) and deployed in the partner’s production environment for six months. Empirical evaluation showed that the MPC‑derived metrics were on average 12 % more accurate than DP‑based counterparts, and the end‑to‑end latency per batch of 5 000 candidates was 3.2 seconds—well within the acceptable range for near‑real‑time monitoring. A formal GDPR/AI‑Act compliance audit confirmed that the protocol satisfies data‑minimisation, purpose‑limitation, storage‑limitation, and privacy‑by‑design requirements, and that the use of a TTP provides a legally sound basis for processing special‑category data post‑deployment.

The paper’s contributions are fourfold: (1) a rigorously derived set of legal and industrial requirements for fairness monitoring in algorithmic hiring; (2) a concrete, legally compliant MPC protocol that integrates seamlessly with existing recruitment pipelines; (3) large‑scale empirical validation demonstrating both technical feasibility and regulatory adequacy; and (4) a discussion of broader implications, offering actionable guidance for policymakers, auditors, and practitioners. The authors suggest future work on hybrid privacy solutions (combining MPC with homomorphic encryption), extending the framework to other high‑risk domains such as finance and healthcare, and exploring cross‑jurisdictional compatibility with non‑EU data‑protection regimes.