Data Usage Control and Multi‑Party Secure Computation: Policy Background, Technical Implementation, and Future Outlook

Guest: Wang Yunhe, Ph.D., Strategic Director at Huakong Qingjiao

Editor: Wu Yeguo, Weiyan Technology

Platform: DataFunTalk

Overview: The discussion focuses on multi‑party secure computation and data usage control, emphasizing mechanisms and principles.

01 Policy Background Analysis

Relevant Policies

China's 2021 Data Security Law defines supervisory responsibilities and principles for lawful, orderly data flow.

The Personal Information Protection Law requires clear, reasonable purposes for data use and prohibits over‑scope usage.

These laws embed data usage control throughout their provisions.

Why Control Data Usage?

Uncontrolled data use can generate negative externalities similar to environmental pollution, leading to social costs without accountability.

Data differs from other production factors due to its high replicability, abundant sources, and massive scale, making control increasingly difficult.

Privacy‑preserving computation (e.g., MPC) offers a viable technical control method.

In January 2022, the State Council issued a pilot plan proposing two exploratory principles (though not naming privacy computing):

"Original data does not leave the domain, data is usable but invisible."

Establish a system to control data purpose and quantity, achieving "controllable and measurable" usage.

02 Technical Implementation Methods

Controlling Data Purpose and Quantity – Trust as the Root

Traditional bilateral data contracts rely on legal agreements and third‑party notarization to enforce usage limits.

Technical trust mechanisms include:

Multi‑party supervision : All participants jointly monitor data flow.

Responsibility tracing : Audit trails enable legal recourse.

Key Participants

Data provider

Data user

Multi‑party computation platform (operated by a trusted government agency or association)

Algorithm provider

Expert system for algorithm and data audit

Auditor/regulator

These roles ensure comprehensive control over data usage.

Computation Contract

A "computation contract" combines MPC with smart‑contract concepts, defining:

Participating parties

Algorithm logic (e.g., joint statistics or machine‑learning model)

Usage limits (times, duration)

Settlement and other extensions

Signatures of all parties

The contract execution consists of three stages:

Generation : Create a contract template, fill in concrete data sources, computation goals, and obtain signatures.

Execution : Verify signatures, perform MPC computation, and record immutable evidence (e.g., on blockchain).

Settlement : Attribute contributions, audit results, and distribute benefits.

Integration with blockchain provides immutable storage (on‑chain or off‑chain) for inputs, intermediate results, and outputs, enabling auditability while preserving privacy via encryption or hash commitments.

03 Further Outlook

Regulatory Digitization for Encrypted Computation

Regulators can encode rules as executable algorithms that run on ciphertext, allowing checks such as "is the transaction amount > 10 million?" without revealing the exact value.

Future work may embed AI‑driven anti‑fraud models into multi‑party platforms, enabling simultaneous data analysis and compliance verification.

Standardization and consensus‑building across industry, academia, and regulators are essential for healthy data ecosystems.

04 Q&A

Q: Beyond computation, what practical steps should be taken?

A: Establish multi‑party consensus, develop standards, and integrate algorithmic safety, expert systems, and governance mechanisms.

Q: Are computation contracts tied to public or private blockchains?

A: They are not limited to any specific chain; they can run on public, private, or consortium ledgers, or even off‑chain, as long as the contract logic is enforceable.

Q: How to audit computation results on‑chain?

A: Use encrypted or hashed commitments for inputs, intermediate states, and outputs, ensuring privacy while providing verifiable evidence.

Thank you for listening.