SciTransfer
PAPAYA · Project

Run Data Analytics on Encrypted Data Without Exposing Customer Privacy

digital · Piloted · TRL 7

Imagine you need to analyze sensitive customer data — medical records, browsing habits — but you're not allowed to actually see it. PAPAYA built a platform that lets you run analytics on encrypted data, so you get the business insights without ever exposing the raw information. Think of it like a locked suggestion box where you can count the votes without opening individual slips. It was specifically designed to help companies stay compliant with GDPR while still getting value from their data.

By the numbers

6 consortium partners
5 countries represented
4 industry partners in consortium
67% industry participation ratio
22 total project deliverables
3 validated demo use cases

The business problem

What needed solving

Companies need to analyze sensitive data — patient records, user behavior, financial transactions — but GDPR and privacy regulations make it risky or impossible to hand raw data to third-party analytics providers. A single data breach or compliance violation can result in massive fines and lost customer trust. Businesses are stuck choosing between actionable insights and legal safety.

The solution

What was built

An integrated platform combining privacy-preserving analytics primitives with an auditing and visualization dashboard. Validated through 3 demo deliverables: an e-health use case, a web analytics use case, and a final integrated platform with privacy-enhancing technologies. 22 deliverables total were produced across the project.

Audience

Who needs this

Health data processors and hospital IT departments handling patient analytics
Web and mobile analytics companies tracking user behavior under GDPR
Banks and insurers outsourcing data processing to third parties
Cloud service providers offering analytics-as-a-service in regulated sectors
Any company using external data processors for sensitive customer data

Business applications

Who can put this to work

Healthcare & Digital Health
enterprise
Target: Health data processors, digital health platforms, hospital IT providers

If you are a health data processor dealing with the challenge of analyzing patient records across hospitals without violating GDPR — this project developed and validated a privacy-preserving analytics platform with a dedicated e-health use case. The platform lets you extract clinical insights from encrypted patient data, keeping you compliant while maintaining data utility. Validated across 3 demo use cases with 6 consortium partners.

Digital Marketing & Web Analytics
any
Target: Web analytics companies, ad-tech firms, mobile app publishers

If you are a web analytics company struggling to deliver audience insights while respecting user consent under GDPR — this project built and validated a web analytics use case that processes browsing and mobile data without exposing individual user behavior. The platform includes a privacy dashboard for auditing and visualization, tested by 4 industry partners across 5 countries.

Financial Services & Insurance
enterprise
Target: Banks, insurers, fintech companies processing customer financial data

If you are a financial institution that outsources data processing to third parties but worries about data breaches and regulatory penalties — this project created privacy-preserving analytics primitives that let untrusted processors work on your encrypted data. The technology was designed to be cost-effective and accurate, with an integrated auditing dashboard to prove compliance to regulators.

Frequently asked

Quick answers

What does implementation cost look like?

The project's EU contribution is not publicly listed in the dataset. However, as an Innovation Action with 6 partners across 5 countries, the platform was built at significant scale. Deployment costs would depend on data volume and which privacy-preserving primitives your use case requires.

Can this scale to enterprise-level data volumes?

The platform was validated through real-world use cases in healthcare and web analytics, both data-intensive domains. With 4 industry partners involved in development and testing, the technology was designed to be cost-effective and accurate at operational scale. Final platform implementation was documented in a dedicated deliverable.

What is the IP and licensing situation?

The project was an Innovation Action funded under Horizon 2020, coordinated by EURECOM (France). IP is typically shared among the 6 consortium partners according to their grant agreement. Companies interested in licensing should contact the coordinator through SciTransfer for specific terms.

Is this compliant with GDPR and other data regulations?

GDPR compliance was a core design principle, not an afterthought. The project explicitly treated GDPR as a key enabler and built auditing and visualization modules (a dashboard) to demonstrate compliance. The platform minimizes privacy risks while enabling data processing by untrusted third parties.

How mature is this technology?

As a closed Innovation Action (2018-2021), the platform went through full implementation and validation. Three demo deliverables confirm testing against real use cases: e-health validation, web analytics validation, and final platform integration with privacy-enhancing technologies.

How does this integrate with existing data infrastructure?

The PAPAYA platform combines privacy-preserving analytics primitives with an integrated dashboard for auditing and visualization. Based on available project data, the platform was designed to work with untrusted third-party data processors, suggesting it sits between your data and external analytics services.

Consortium

Who built it

The PAPAYA consortium is strongly industry-oriented with 4 out of 6 partners (67%) from the private sector, spanning 5 countries (Spain, France, Israel, Italy, Sweden). This is a good sign for business readiness — it means the technology was built with commercial input, not just in a university lab. EURECOM, a French research institution, coordinates the project, while the 2 academic partners provide the cryptographic and privacy research backbone. The presence of 1 SME alongside larger industry players suggests the solution was tested for practical deployment at different company scales.

How to reach the team

EURECOM GIE in France coordinates this project. SciTransfer can facilitate a direct introduction to the research team.

Next steps

Talk to the team behind this work.

Want to explore how privacy-preserving analytics can solve your GDPR compliance challenges? SciTransfer can connect you directly with the PAPAYA team and help you evaluate fit for your data processing needs.