Back to Dashboard
Access / Data/ 4.1.1

4.1.1 Privacy-Preserving Third-Party Access to Datasets

2026 Governance Status: Narrowly operationalized

Original Problem in the Paper

Paper motivation: external training-dataset access is “crucial for enabling external data audits” to find “harmful, personal, or inappropriate data” and to study how training data shapes model behavior, but unrestricted access can reproduce copyrighted/personal/proprietary data or expose illegal collection. Dedicated open problems: structure “sufficiently deep access” for auditing while protecting data-subject privacy; reconcile auditing with privacy-preserving ML where “the developer themselves lacks such visibility,” e.g. encrypted/federated training data.

July 2026 Update & Trajectory

Narrow operationalization exists: secure data environments, TEEs/remote attestation, federated query systems, and AI-audit tooling can let approved researchers compute over sensitive/proprietary data without raw access. But no general mechanism gives independent auditors deep, standardized access to frontier-model training corpora while handling copyright, trade secrets, privacy, federated/encrypted training provenance, and query leakage. Verified 2026 status: OpenSAFELY/OpenMined/NAIRR Secure show live infrastructure; I did not verify a 2026 legal/technical standard that compels or normalizes AI training-dataset audit access across major labs.

Deployed / Operationalized

  • Healthcare secure research environments: OpenSAFELY supports 200+ projects, 100+ published outputs, and NHS-linked sensitive data analysis without conventional raw-data export.
  • OpenMined/Syft AI-auditor tooling markets open-source privacy-preserving audits of proprietary AI systems and user/model-usage data, answering approved questions without exposing weights, training data, or logs.
  • Project Oak and cloud confidential-computing stacks provide remotely attested enclave applications and sealed computation patterns for approved query execution.
  • NAIRR Secure pilot supports sensitive-data AI research through secure environments, privacy/security-preserving infrastructure demonstrations, and controlled-access data use cases.

New Tractable Vectors

  • Design auditor query languages with privacy budgets, output checking, and statistical power guarantees for harmful/copyright/personal-data audits.
  • Combine TEEs, differential privacy, secure multiparty computation, and transparent release logs so auditors can verify computation identity and data-use constraints.
  • Audit federated/encrypted training data by producing verifiable aggregate evidence about data composition, licenses, and sensitive attributes without decrypting all records.
  • Develop dataset cards/provenance summaries whose claims can be checked by privacy-preserving spot queries rather than blind trust.

Key Open Questions

  • Prevent adaptive-query reconstruction or membership inference by auditors while preserving meaningful audit depth.
  • Resolve who can approve access and liability when datasets contain copyrighted, personal, illegal, or third-party-licensed material.
  • Make confidential-computing audit stacks robust against side channels, TEE vendor trust failures, and proprietary host compromise.
  • Define minimum disclosure/audit rights for frontier training datasets when data is distributed, synthetic, encrypted, or no longer retained.

Evidence & Primary Sources

  • OpenSAFELY is a live platform for analysing large sensitive NHS datasets safely/securely and reports 200+ projects, 100+ outputs, 30+ organisations. (2026-07-01 page contained latest listed blog; site ©2026): https://www.opensafely.org/
  • OpenMined says its Syft/Federated AI Network enables external AI auditors to evaluate proprietary AI systems and user interactions without revealing information beyond specific answers. (modified 2026-01-30): https://openmined.org/for-ai-auditors/
  • Project Oak provides externally verifiable enclave applications, remote attestation, encrypted channels, and sealed computing for privacy-preserving computation. (read 2026-07-07; repository active): https://github.com/project-oak/oak
  • NAIRR Secure pilot targets sensitive-data AI research, privacy/security-preserving infrastructure, secure environments, and controlled-access AI-ready data assets. (read 2026-07-07): https://nairrpilot.org/nairr-secure
  • NSF NAIRR page says NAIRR Secure is co-led by NIH/DOE and explores privacy/security-preserving infrastructure and controlled-access data for AI research. (page includes 2026 two-year progress update): https://www.nsf.gov/focus-areas/ai/nairr