Across sectors - from health research to financial systems - data sharing continues to drive innovation, yet it also intensifies privacy and compliance challenges, making the balance between access to data and confidentiality increasingly difficult. Secure multi-party computation (SMPC) proposes a way to reconcile these seemingly conflicting goals - enabling organisations to jointly compute insights without revealing their underlying data. As we reflect on the discussions and conclusions from IPEN 2025 that the EDPS held together with the Goethe Frankfurt University on October 21, it’s clear that SMPC is no longer a purely academic concept, but a cornerstone of the next generation of privacy-enhancing technologies (PETs).
At its core, SMPC is based on a deceptively simple yet powerful idea: multiple parties can work together to compute a result from their private data without ever exposing that data to one another. Imagine hospitals improving disease prediction models using patient data, without any hospital ever seeing another’s records. Or banks detecting cross-border fraud patterns, without compromising client confidentiality. Or governments analysing the impact of social policies, without centralising sensitive citizen data.
Unlike traditional encryption, which protects data only while it’s stored or transmitted, SMPC ensures confidentiality throughout the computation process itself. This “compute without exposure” paradigm represents a fundamental shift in how we think about data sharing - transforming it from “data surrender” into privacy by design.
SMPC’s greatest promise lies in its ability to enable collaboration without sacrificing privacy. It allows organisations to extract valuable insights and train machine learning models while ensuring that no individual or institution gains undue access to others’ data. This is particularly important in sectors like health, finance, and law enforcement - where sensitive information is both valuable and protected by stringent regulations.
By distributing computation and storage across multiple parties, SMPC also helps mitigate the impact of external attacks. There is no single data repository to breach, reducing systemic risk and the potential fallout from cyber incidents. When combined with other PETs such as homomorphic encryption or trusted execution environments, SMPC becomes part of a broader privacy engineering toolkit that builds resilience into digital ecosystems.
Challenges on the Road to Adoption
Despite its potential, SMPC still faces significant hurdles. As discussed during IPEN 2025, the technology remains computationally intensive. The additional communication and processing overhead can slow down performance, particularly in use-cases requiring real-time responsiveness. This makes scaling SMPC to large, multi-party scenarios or offering it “as a service” a major technical challenge.
Interoperability is another issue. Current SMPC frameworks often depend on specialised cryptographic libraries and bespoke communication protocols, making integration with existing infrastructures - like cloud environments or data lakes - far from seamless.
Overcoming these barriers will require standardisation, usability improvements, and cross-sector collaboration. Regulators, technologists, and industry players need shared frameworks for measuring performance, verifying implementations, and certifying compliance. Without these, SMPC risks remaining a niche solution rather than a mainstream privacy technology.
The Legal and Ethical Landscape
From a legal perspective, SMPC challenges traditional interpretations of privacy law. Frameworks like the GDPR were not designed with cooperative computation in mind - where no single actor holds or controls the full dataset. Who is the controller when no one can see the data? Can the outputs of SMPC still be considered personal data? These questions are now reaching data protection authorities such as the EDPS, which are working toward clearer guidance and regulatory certainty.
It’s also crucial to emphasise that SMPC is not a magic shield. While it reduces the exposure of raw data, it does not automatically guarantee ethical or lawful processing. Like all cryptographic systems, its security depends on more than just mathematics - it relies on governance, implementation quality, and responsible use.
Therefore, SMPC must be embedded within transparent governance frameworks and ethical oversight, ensuring that the technology serves the public good rather than becoming another opaque layer of data control.
Quantum Futures and Standardisation
Looking ahead, quantum computing introduces both risk and opportunity. Quantum algorithms could potentially undermine the cryptographic primitives that underpin SMPC today. At the same time, emerging quantum technologies might enable quantum-safe or quantum-enhanced multiparty protocols. Preparing for this future - through research, standardisation, and international collaboration - will be essential.
The EDPS is already taking steps in this direction through its Technology Monitoring initiatives, which tracks emerging technologies and their implications for privacy and data protection. Initiatives like TechSonar and TechDispatch continue to explore how PETs like SMPC can safeguard rights in an evolving technological landscape.
The Way Forward
Secure Multi-Party Computation is more than a cryptographic breakthrough - it’s a new way of thinking about data collaboration. It allows us to harness the collective power of information while respecting the privacy and dignity of individuals.
For SMPC to fulfil its promise, we must combine technical innovation with legal clarity, ethical governance, and shared commitment. The path ahead involves standardisation, education, and sustained investment - but the reward is a digital future where collaboration and confidentiality coexist.
As IPEN 2025 reminded us, the goal of privacy-enhancing technologies is not simply to protect data - it’s to protect people.
Videos of the Ipen event are available here.