Protecting Sensitive Personal Data Through Federated Data Processing

02/04/2026

Anyone applying for a loan, renting an apartment, or starting a new job today often shares more about themselves than they would like: pay stubs, credit reports, copies of ID, and sometimes even health information. What used to be filed away in thick paper files is now digitally recorded, copied, and forwarded with just a few clicks. And thus remains potentially in circulation indefinitely.

While digitization greatly reduces the effort involved in data processing and collection, it simultaneously lowers the threshold for collecting and sharing sensitive personal data. Especially when it comes to identity, financial situation, or health, the question becomes urgent: Who has access to what information, when, and how can I retain control over it?

Traditional measures such as encryption or strict access rights are important building blocks, but they reach their limits when data needs to be used or verified across organizational boundaries. But what if the individual no longer has to “hand over” their data at all and can still identify themselves in a credible and externally verifiable manner?

Federated data processing for the protection of sensitive data

This is exactly where federated data processing comes in. In this article, we show how federated approaches can help protect sensitive personal data without sacrificing efficient digital processes.The advantage of this approach is that trust can be built within a digital ecosystem without having to disclose personal characteristics that require special protection. Technically, this is typically implemented using a secure digital wallet, as described, for example, in the EU’s EUDI Wallet Standard (https://ec.europa.eu/digital-building-blocks/sites/spaces/EUDIGITALIDENTITYWALLET/pages/694487738/EU+Digital+Identity+Wallet+Home). In this ecosystem, so-called trust anchors and accreditation bodies ensure that only reliable organizations are permitted to issue credentials.Initially, a person’s identity is verified and stored in the wallet in the form of cryptographically secured credentials. Additional attributes, such as professional qualifications, membership in an organization, or even health information, can be added by the respective competent, trusted authorities. The individual then decides, depending on the context, to which organization they wish to prove their identity and which attributes they will provide for that purpose. This principle is known as selective disclosure: it allows only the data that is actually necessary to be shared, thereby implementing consistent data minimization.For particularly sensitive information that should not be shared directly at all, so-called zero-knowledge proofs can be used. In this process, a trusted third party cryptographically confirms that a specific attribute exists and has been verified without disclosing the underlying content. For example, it is possible to prove that a person meets certain requirements without having to disclose the complete document (such as a criminal record or a health record).

TrustED is researching methods for securing personal data

One project by Fraunhofer ISST in which these principles are put into practice is TrustED (https://trustedproject.eu/). The project’s goal is to research various methods for securing personal data and to develop prototypes of both an EUDI wallet system and a federated processing environment for health data. What both systems have in common is that they rely on modern cryptographic methods and federated architectures to prevent the unintended dissemination of personal data.

The first use case of the TrustED project serves as a concrete example of selective disclosure and zero-knowledge proofs: The wallet supports volunteers in applying for positions at NGOs (non-governmental organizations = independent, non-profit organizations without a government mandate). Volunteers should only disclose the information that is truly necessary for the specific activity. For example, a criminal record does not need to be fully disclosed for this purpose. Instead, a trusted authority can use a zero-knowledge proof to simply confirm that there are no relevant criminal convictions without disclosing the detailed entries.

From a technological standpoint, this use case is implemented, among other things, through the use of EDC data room technology (Eclipse Dataspace Components). It connects the various components of the TrustED project into a secure and sovereign overall system and ensures that data flows only under clearly defined, verifiable conditions.

More Information about TrustED

Project: https://www.isst.fraunhofer.de/en/departments/healthcare/projects/TrustED.html
Fraunhofer ISST Podcast: “Die Datenräumer” episode 15
“Digitale ID statt Plastikkarte” (only in German): https://www.isst.fraunhofer.de/en/publications/podcast.html

TrustED has received funding from the European Union’s Horizon Europe Research and Innovation Programme under grant agreementNo. 101168467

Latest entries

Mandatory EUDI Wallet: what citizens, public administrations and companies need to know (I)

28/05/2026

It is May 2026, and the European Union’s digital landscape has reached a point of no return. After years of regulatory and technical development, the European

Enabling trustworthy european data spaces through self-sovereign identity and privacy preserving technologies

03/05/2026

Poster presented at the 12th Conference of the Framework Programme for Research and Innovation (Horizon Europe)

Informational Selfdetermination with Selective Disclosure: Fraunhofer AISEC’s Open Source C library libbbs Takes Privacy One Step Further

21/04/2026

How can we continue to have control over our own data in the digital world? Fraunhofer AISEC’s solution is informational selfdetermination with selective disclosure. To make that happen it develops the C library libbbs as part of the TRUSTED consortium – publicly accessible as open source on GitHub.