Data Without Borders: Safe Global Collaboration Through Synthetic Data

1.0 The Conceptual Challenge: Deconstructing the “Borders” in Global Data

The concept of “Data Without Borders” evokes a powerful image of a frictionless world where information flows freely to solve humanity’s greatest challenges. However, before exploring a technological solution like synthetic data, it is imperative to first deconstruct this phrase. The term is not a single, unified concept but rather a collection of disparate initiatives, each of which highlights the very “borders” they seek to overcome. The true challenge is not a lack of data, but the legal, economic, and social barriers that prevent its safe and effective use.

https://uplatz.com/course-details/asset-accounting-in-sap/33

1.1 Disambiguation: The “Data Without Borders” Initiatives vs. The Concept

The ambiguity in the term “Data Without Borders” requires clarification. Several real-world organizations use this or similar branding, but their missions and methods differ significantly. They are, in effect, symptoms of the core problem of data siloing, not a unified technological solution.

Statistics Without Borders (SWB): An apolitical, pro-bono volunteer organization operating under the auspices of the American Statistical Association.1 Its mission is to provide statistical analysis and data science services to non-profits, NGOs, and governments, with a focus on helping developing countries.3 Its projects have included analyzing public health surveys in Sierra Leone, assessing the economic impact of the 2010 Haiti earthquake, and designing a long-term longitudinal study for Save the Children in Ethiopia.1
“Data Without Borders” (DWB): A 2011-era initiative founded by Jake Porway, conceived as a “data science exchange”.4 Its goal was to bridge the “data gap” by connecting data scientists and engineers (“generous geeks”) with non-profits that were “drowning in data” but lacked the resources to analyze it.4
Data Science Without Borders (DSWB) Africa: A contemporary project focused on strengthening data systems and building advanced data science pipelines in Africa.6 With pathfinder institutions in Cameroon, Ethiopia, and Senegal, DSWB aims to build local capacity and foster collaboration by harmonizing existing health datasets using common standards, such as the OMOP Common Data Model.6
“Data without Boundaries” (DwB) Europe: A project funded by the European Union’s 7th Framework Program (2011-2015).7 Unlike the pro-bono organizations, its mission was to improve researcher access to official, confidential microdata from national statistical institutes. This project focused on developing methods for “Statistical Disclosure Control (SDC)” to create anonymized public-use files, representing an important technical precursor to modern synthetic data generation.7

These organizations all exist to circumvent the very “borders” this report investigates. They are a human-powered, manual workaround to the fact that data is siloed and its benefits are not evenly distributed.4 The “Data without Boundaries” project, in particular, demonstrates that the problem of transnational data access is chronic, and its 2011-era SDC solution has now evolved into the more powerful generative AI techniques of today.7

Table 1: Disambiguation of ‘Data Without Borders’ and Related Initiatives

Initiative Name	Sponsoring/Affiliated Body	Primary Mission	Involvement with Synthetic Data
Statistics Without Borders (SWB)	American Statistical Association (ASA)	Pro-bono statistical consulting and data science services for NGOs and developing countries.1	None. Focuses on analysis of existing, real data.1
“Data Without Borders” (DWB)	Jake Porway (Founder)	A “data science exchange” to connect data scientists with non-profits needing analysis.4	None. Focuses on analysis of existing, real data.4
Data Science Without Borders (DSWB) Africa	Africa CDC, APHRC, LSHTM, et al.	Build data science capacity and harmonize health data systems in Africa.6	None. Focuses on data harmonization (e.g., OMOP CDM) of existing data.6
“Data without Boundaries” (DwB) Europe	European Union (FP7)	Improve researcher access to confidential, official microdata from national statistical institutes.7	No, but a direct technical precursor. Focused on “Statistical Disclosure Control” (SDC) to create “anonymized microdata”.7

1.2 Defining the “Borders”: The True Barriers to Global Data Collaboration

The true “borders” are not geographical but a fragmented and increasingly hostile patchwork of legal, economic, and social restrictions on data. Synthetic data is proposed as a technological “passport” to navigate this landscape.

Legal Border 1: Data Sovereignty & Localization
The most formidable barriers are legal. A rising tide of digital nationalism has formalized the concept of data sovereignty—the principle that data is subject to the laws of the nation in which it is collected.8 This principle is enforced through data localization mandates, which require organizations to store and/or process data within a country’s physical borders.11 Nations like China, Russia, and South Africa have all implemented such requirements, effectively “cutting the ‘world’ out of the ‘World Wide Web'”.12
Legal Border 2: The Compliance Gauntlet (GDPR)
Simultaneously, regulations with extraterritorial reach, most notably the EU’s General Data Protection Regulation (GDPR), govern the data of their citizens regardless of where in the world it is processed.15 This creates a “patchwork of privacy laws” 17 with “overlapping and conflicting requirements”.14 Consequently, simple cross-border data transfers, even when using approved mechanisms like Standard Contractual Clauses (SCCs), have become a complex, high-risk, and operationally burdensome legal endeavor.14
Economic & Operational Borders
These legal borders impose severe economic friction. Localization mandates force multinational organizations to “duplicate infrastructure” 12 and build “bespoke data storage centers” in multiple jurisdictions.14 This is not only inefficient but “resource-intensive” 12, increasing costs that are often passed on to consumers.14 These burdens have a “disproportionate effect on smaller businesses,” actively “thwarting growth opportunities” and stifling innovation.14
The Security Paradox
A critical paradox has emerged: policies enacted in the name of national security and privacy may, in fact, decrease data security. Centralized, heavily resourced data centers are often more secure than the “minimally-resourced local facilities” that companies are forced to establish to comply with localization laws.14 These local outposts are “more likely to permit network intrusions and data compromises”.14 This paradox creates the central business case for a Privacy-Enhancing Technology (PET): a tool that can satisfy the goal of privacy and security while bypassing the inefficient and insecure policy of localization.
Social & Trust Borders
Finally, there is a deep-seated social barrier. Public opinion surveys reveal a significant distrust of international data sharing.18 A 2015 US survey, for example, found that while 71% of adults supported sharing their data with US university researchers, that support plummeted to just 39% for “university researchers in other countries”.18 This “trust border” is a significant social hurdle that a technological solution must also be prepared to address.

2.0 Synthetic Data as a Proposed Passport: Generation and Principles

To bypass these borders, organizations are turning to synthetic data. This technology is proposed as a “passport”—a new, clean, and authentic-looking document that retains all the statistical characteristics of the original data but severs any link to a real person.

2.1 Defining the “Passport”: What is Synthetic Data?

Synthetic data is “artificially generated information” 19 or “imitation data” 20 created by computer algorithms.21 It is engineered to “mimic” 19 and “resemble” 20 the statistical properties, patterns, correlations, and structure of a real-world dataset.

The core premise is a paradigm shift from traditional anonymization (like masking or randomization), which merely alters existing records.24 Synthetic data is “created entirely from scratch”.24 This “no one-to-one relationship” between a synthetic record and a real individual is the foundation of its claim to be “fully compliant with data privacy regulations” 16 because it “contains no actual personal or sensitive information”.16 It aims to be a “perfect proxy” for the original data, severing the link to individual identity while preserving the aggregate insights.24

This “passport” can come in several forms, depending on the use case:

Fully Synthetic Data: The entire dataset is algorithmically generated, and no real data is present. This method is considered to have the lowest re-identification risk and is the primary type used for privacy-preserving analytics and sharing.23
Partially Synthetic Data: Only specific sensitive values (e.g., names, social security numbers) are replaced with synthetic ones, while other non-sensitive real data (e.g., transaction amounts) remain.23 This approach is used to maintain higher analytical validity but comes with a “higher disclosure risk” as some true values remain.23
Non-representative (“Dummy”) Data: This data is structurally similar to the original (e.g., same column names, data types) but is not statistically representative. It is “dummy data” useful for software testing or code reproduction, but not for analysis.28

2.2 The “Passport” Office: How Deep Generative Models Create Synthetic Data

The technology used to create synthetic data has evolved from simple “rule-based approaches” 23 and “traditional statistical models” (like those explored in the DwB project 7) to “state-of-the-art” 23 deep generative models.30 This is not just an increase in power; it is a fundamental shift in capability. While traditional methods required a human to pre-define the statistical distributions to be mimicked, generative models learn the “patterns, correlations and statistical properties” 24 themselves, capturing complex, high-dimensional, and non-obvious relationships 32 that no human could define.

Two types of deep learning models dominate this field:

Technique 1: Generative Adversarial Networks (GANs)
A GAN is a “strong class of generative models” 33 comprised of two competing neural networks 22:

The Generator: Its job is to “create synthetic data samples” 33, often by taking random noise as input.
The Discriminator: Its job is to act as a “distinguisher” 33, analyzing a piece of data and determining if it is “real” (from the original dataset) or “fake” (from the generator).
The two networks are trained in an “adversarial” process. The generator’s sole goal is to “produce data that attempts to fool” the discriminator.35 This competition forces the generator to become progressively better at producing “realistic synthetic data” 35 that is statistically indistinguishable from the original.36

Technique 2: Variational Autoencoders (VAEs)
A VAE consists of two networks 35:

The Encoder: This network “summarizes the characteristics and patterns of real-world data”.35 It does this by compressing the input data into a “lower-dimensional latent space,” which is a probabilistic representation of the data’s key features.33
The Decoder: This network “attempts to convert that summary into a lifelike synthetic dataset”.35
The generative step is to sample a point from the probabilistic latent space 33 and feed it to the decoder. This generates a new data sample that follows the learned patterns but is not a simple copy of the original input.

In this new paradigm, the generative model itself—the GAN or VAE trained on the original, sensitive data—becomes a critical asset. It is a “blueprint” 35 or “summary” 35 of the sensitive data. This “concentrated information” 38 also makes the model a significant new liability and an attractive target for cyberattacks.

3.0 The Regulatory Ambiguity: Is This Passport Legally Valid?

The central premise of synthetic data as a global collaboration tool rests on a single, powerful assumption: that the resulting dataset is “anonymous” and therefore not subject to the cross-border transfer restrictions of regulations like GDPR. This assumption is a dangerous oversimplification.

3.1 The “Anonymization” Claim

Synthetic data is heavily marketed as a “compliance-friendly alternative” 39 that is “fully compliant with data privacy regulations like GDPR, CCPA, and HIPAA”.16 The logic is that because it “contains no personally identifiable information (PII)” 16 and no “one-to-one relationship” with real individuals 24, it is legally and functionally anonymous. It is positioned as a superior alternative to traditional de-identification, which often fails to protect against re-identification and results in “decreased utility and statistical relevance”.25

3.2 The Critical Legal Nuance: The Process vs. The Product

The legal analysis of synthetic data is not a single question but two distinct ones. Failure to separate them is the most common and critical error in this domain.

Part 1: The Generation Process is Fully Regulated

An organization cannot claim immunity from data protection law simply because its end product is synthetic. To create the synthetic data, one must first access, analyze, and train a model on the original, real, sensitive dataset.40 This “initial processing” 40 of personal data is fully subject to all data protection laws.41

Under GDPR, this means an organization must have a “lawful basis” (such as legitimate interest or explicit consent) to process the original data for this purpose.40 It also means a “Data Protection Impact Assessment” (DPIA) is almost certainly required before the generation can even begin.41 This “original sin” of processing PII means synthetic data is not a tool for organizations to analyze data they have no legal right to acquire. It is a tool for data sharing by organizations that already have a legal basis to hold the data.

Part 2: The Output Product’s Ambiguous Status

The second question is whether the resulting synthetic dataset is legally “personal data.” The answer is a complex and non-guaranteed “it depends.”

There is no one-size-fits-all answer.41 Regulators, in an “orthodox” approach, start with the presumption that if the source data was personal, the synthetic output remains personal data.41

The burden of proof is on the data controller (the organization) to demonstrate that the data is effectively anonymized.41 This is not a simple declaration. It requires a “multifaceted contextual risk assessment” 41 to prove that the risk of re-identification, considering all “means reasonably likely to be used” (a key phrase from GDPR Recital 26), is minimal.41 This means compliance is not a “fire and forget” solution; it is an ongoing technical proof that must be updated as “new re-identification techniques emerge”.40 A dataset deemed “anonymous” today could be legally re-classified as “personal data” tomorrow.

3.3 The Unresolved Legal Grey Area: “Coincidental Matching”

A profound legal ambiguity remains that current regulation does not address: “coincidental matching”.41 If a generative model, in its process of creating a new, fictitious record, accidentally generates a profile that happens to match a real, living person (who may not have even been in the original dataset), is that new record “personal data”?

The GDPR and current data protection guidance are silent on this issue.41 This unresolved question “threatens to overstretch the concept of ‘personal data'” 41, but it poses a significant legal risk for any organization claiming its data is 100% anonymous and free from regulation.

This legal ambiguity creates a technical catch-22. To be legally anonymous, the data must have minimal re-identification risk.41 To be useful, the data must have high statistical utility.25 As the following sections will show, high utility often requires capturing rare outliers, which carry the highest re-identification risk 38, thereby failing the “minimal risk” legal test and defeating the entire premise.

4.0 The Privacy-Utility-Fidelity Trilemma: Managing the Core Trade-Off

Moving from legal theory to data science practice, the value of synthetic data is not a single measure but a constant, three-way balancing act. The “safety” and “utility” of the “passport” are in direct, quantifiable opposition. This is the Privacy-Utility-Fidelity trilemma.32

4.1 Defining the Core Metrics

Practitioners and regulators must evaluate synthetic data on three distinct axes:

Privacy: A measure of the risk that individuals in the original dataset can be re-identified or their information inferred from the synthetic data.44 This is what the organization seeks to maximize.
Fidelity (or “Broad Utility”): A measure of the statistical similarity between the synthetic and real datasets.44 This “broad” metric assesses how well the synthetic data preserves the overall distributions and correlations of the original.44
Utility (or “Narrow Utility”): A measure of the usefulness of the synthetic data for a specific, downstream task.44 This “narrow” metric is most often evaluated using the “Train-on-Synthetic, Evaluate-on-Real” (TSTR) method: how well does a machine learning model, trained only on synthetic data, perform when “real” data?.46

4.2 Deconstructing the Trade-Offs

The most common trap for executives is to conflate these metrics. They are “not synonymous”.32

Utility vs. Fidelity
A vendor may provide a “fidelity report” showing that “all marginal distributions are 99.9% similar.” This “broad” metric 44 is often meaningless for a “narrow” use case. For example, a bank’s fraud detection model (a “narrow” task) is trained to find 0.1% outliers.48 A generative model, in its quest for high “broad” fidelity, may treat these critical outliers as “noise” and smooth them out of the final dataset. The resulting dataset would have 99.9% fidelity but zero utility for the bank’s specific task. Therefore, validation must always be tied to the “narrow” use case, not just “broad” fidelity.
The “Privacy-Utility Trade-Off”
This is the fundamental conflict.42 To increase Privacy, the generative algorithm must add noise or distort the data (e.g., via Differential Privacy).49 This “distortion” 50 or “signal loss” 51 decreases Utility.25 Conversely, to increase Utility, the model must be trained to a higher fidelity, which increases the risk of “overfitting” or “memorizing” individual data points 28, thereby decreasing Privacy.

4.3 The “Gold Standard” Solution: Differential Privacy (DP)

The term “synthetic data” provides no guarantee of privacy; it is often just “privacy by obscurity,” a hope that the model “forgot” the individuals. The technical “gold standard” to solve this is Differential Privacy (DP).53

DP is not an algorithm but a mathematical definition of privacy.54 It provides a “provable privacy guarantee” 53 by mathematically ensuring that the output of an algorithm is “statistically independent” of any single individual’s data. This is typically achieved by injecting a precisely calibrated amount of “noise” (randomness) into the model’s training process (e.g., DP-SGD 55) or its queries.54

This guarantee is not free. DP-synthetic data is always a “distorted version” of the original.50 High levels of privacy (a low “epsilon,” or privacy budget) can lead to “considerable” distortion and a loss of utility.50 However, the 2018 NIST Differential Privacy Synthetic Data Challenge 53 proved that it is possible to create “extremely accurate” 53 DP-synthetic data. The top-scoring open-source algorithms from that challenge demonstrated high utility, particularly by focusing on preserving key “marginal distributions”.53

For any high-risk data, the distinction between “synthetic data” (a marketing term) and “Differentially Private synthetic data” (a technical, provable guarantee) is paramount. The Privacy-Utility-Fidelity trilemma cannot be “solved” by a single algorithm; it must be managed by a governance decision 43 that sets the acceptable risk-utility balance for each specific use case.

5.0 Critical Vulnerabilities and the Limits of “Safety”

The claim that synthetic data is “safe” is contingent on the generative model learning general patterns while forgetting specific individuals. This section details the technical attack vectors that challenge this assumption, demonstrating how a model that is “too good” can become a critical liability.

5.1 The “Overfitting” Paradox: When High Fidelity Becomes a Liability

The “safety” of synthetic data is inversely proportional to the model’s “overfitting”.52 When a generative model is trained to be too realistic (high-fidelity), it risks “memorizing” parts of the original dataset instead of learning general patterns. This “overfitting” means the synthetic data “closely matches the original data” 52, and the more realistic it becomes, the “greater the risk that it inadvertently reveals private information”.38

5.2 Vulnerability 1: Re-identification via Outliers

This is the most potent and intuitive risk, known as the “Outlier’s Curse.” In finance and healthcare, the most valuable data points are often the outliers (a rare disease, a novel fraud pattern). These outliers are also the most vulnerable.

The “Small Town” Example: As described by the Ada Lovelace Institute, “If synthetic medical data captures the rare combination of a 45-year-old with a specific genetic condition living in a small town, it might recreate enough detail to reidentify the original patient”.38
Attack Feasibility: Research confirms that generative models without differential privacy “do not protect outliers from linkage attacks”.57 An attacker with access to some public information (e.g., a voter roll) can perform a “sample-to-population attack” 58 to link these unique “fictitious” records back to real individuals, breaking the data’s anonymity.

5.3 Vulnerability 2: Membership Inference Attacks (MIAs)

A more subtle and powerful attack is the Membership Inference Attack (MIA).42

Definition: An MIA does not try to reconstruct the data. Instead, it seeks to determine whether a specific individual’s record was part of the training dataset used to create the generative model.59
Why it Matters: The mere knowledge that a person was in a specific dataset (e.g., a dataset of substance abuse patients, a dataset of political dissidents) can be a catastrophic privacy breach.59
The Mechanism: The attack “targets local overfitting”.60 A generative model behaves just slightly differently for data it has “memorized” (members) versus similar data it has not (non-members). An attacker trains a second classifier to spot this subtle difference, effectively “fingerprinting” the training data.
Attack Success: Studies show that “partially synthetic data” is “vulnerable… at a very high rate”.61 While “fully synthetic data” is more robust, newer MIA models are “significantly more successful” at attacking “uncommon samples”—once again, the outliers.60

This leads to a critical causal chain: an organization, seeking maximum utility, trains a high-fidelity model. That model overfits the outliers.56 An attacker uses an MIA 60 or linkage attack 57 to re-identify those outliers. A regulator then determines that re-identification is “reasonably likely” 41, meaning the data is “personal data.” The organization is now liable for a massive cross-border data breach 15 caused by the very tool they deployed for protection.

5.4 The “Model as a Target”

Finally, the generative model file itself—the “concentrated information” summary of the population it was trained on—becomes an attractive target for cyberattacks.38 Stealing the model may be as devastating as stealing the data, as the attacker can then probe it indefinitely for vulnerabilities or generate infinite synthetic samples.

6.0 The Bias Paradox: A Tool for Fairness or an Engine for Amplification?

Beyond privacy, the most profound challenge is ethical. Synthetic data is simultaneously presented as a revolutionary solution to algorithmic bias and a dangerous amplifier of it. This paradox reveals that synthetic data is not a neutral tool; it is a battleground for fairness.

6.1 The Promise: Synthetic Data as a Solution to Bias

The primary source of algorithmic unfairness is the real-world training data, which is often “laden with various degrees of historical biases”.62 Synthetic data offers a unique opportunity for active, intentional intervention.63

Mechanism 1: Re-balancing. If a dataset for loan applications underrepresents a minority group, a generative model can be used to “balance datasets” 16 by creating more high-quality, synthetic samples of that group. This “augmented dataset” 66 with “predetermined fairness characteristics” 63 can train a fairer model.
Mechanism 2: De-biasing. The model can learn “unfavorable correlations” 67 (e.g., zip code correlating with race and loan denial) and then be instructed to generate new data that breaks this link. This creates “fair synthetic data” 68 designed to produce “more equitable AI systems”.63

6.2 The Peril: Synthetic Data as an Amplifier of Bias

The promise of a technical “fix” for bias is fraught with peril. The same mechanisms that create synthetic data can also entrench and amplify discrimination.

Problem 1: “Garbage In, Garbage Out.”
The generative model learns from the real data. If that data is biased, the model will “learn and ultimately reify” those biases.70 The synthetic data “will have all the same biases” 71 and “may propagate and amplify” them in sophisticated, hard-to-detect ways.38
Problem 2: The “Fallacy of Neutrality.”
The “fix” described above is a dangerous illusion. It “presumes that algorithmic bias… can be achieved artificially” 73, as if a “neutral state” exists. This is false.

It “places unprecedented power in developers’ hands”.38
It tasks a small group of engineers with making “value-laden choices” 38 about “what constitutes fair representation”.38
These choices will “always reflect their own backgrounds, assumptions, [and] blind spots”.38 This process does not eliminate bias; it hides the real-world “social and political” 38 nature of bias behind an opaque “technical ‘solution'” 73 defined by a new, unelected authority.

Problem 3: “Fairness Feedback Loops” & “Model Collapse”
This is the most critical systemic risk.74 “Model-induced distribution shifts (MIDS)” 74 occur when a model’s outputs (either synthetic data or its real-world decisions) are fed back into the training set for the next generation of models.38

The Cycle: The model “pollutes” its own training data 74, “encoding its mistakes, biases, and unfairnesses into the ground truth”.74
The Result: “Model Collapse”.38 The model “feeds off its own work” 38, becoming an “inbred mutant” 38 (termed “Habsburg AI”) that degrades in quality, diversity, and fairness, even if the initial dataset was unbiased.74 This creates a “fairness feedback loop” that can lead to “disastrous repercussions” 76 as the model becomes increasingly detached from reality.

7.0 A Comparative Analysis of Strategic Alternatives (PETs)

Synthetic data does not exist in a vacuum. It is one of a suite of Privacy-Enhancing Technologies (PETs) that organizations can deploy.77 A sound strategy requires understanding its trade-offs against its two main rivals for safe global collaboration: Federated Learning and Homomorphic Encryption.

7.1 Synthetic Data vs. Federated Learning (FL)

Federated Learning (FL): This is a “decentralized ML” 80 approach based on a simple, powerful principle: “move the model to the data, not the data to the model”.82
Mechanism: Each collaborator (e.g., a hospital in a different country) keeps its sensitive data local. A global, “empty” model is sent to each hospital. The model is trained locally on that hospital’s private data. Only the anonymized model updates (parameter weights) are sent back to a central server to be aggregated. The raw data never moves, thus respecting data sovereignty by design.82
The Pro-FL Argument: FL is “more robust, realistic, and scalable”.82 It offers “True privacy” 83 and is inherently “aligned with GDPR, HIPAA, etc., by not moving personal data”.82 Crucially, models are trained on real, up-to-date data, not potentially distorted “synthetic replicas”.83
The “Perfect Symbiosis”: The primary weakness of FL is “data heterogeneity”.51 If one hospital’s data is statistically very different from another’s, the model aggregation process is “slowed down”.51 This is where the two technologies combine. In an advanced strategy called “Federated Synthesis” 85, each collaborator first shares a (DP-protected) synthetic version of its local data. This gives each collaborator a “view into the global distribution” 51 before the federated training begins. This hybrid approach “remediates this common challenge” 51 and results in models that converge faster (in one experiment, “approximately 30% faster”) and with higher accuracy.51

7.2 Synthetic Data vs. Homomorphic Encryption (HE)

Homomorphic Encryption (HE): This is a “powerful cryptographic technique” 86 that “allows computations to be performed on encrypted data without ever decrypting it”.87 An analyst can run queries and perform analytics on a dataset they cannot see.
The Pro-HE Argument: It is often cited as the “most secure option” 86, offering absolute mathematical confidentiality for data while it is being processed.87
The Pro-Synthetic-Data Argument: HE’s strength is also its weakness. It is “extremely high computational cost” 83, “resource-intensive” 91, and “incredibly compute-intensive”.92 This makes it slow and impractical for many complex AI model training tasks. Synthetic data, by contrast, has a high up-front computational cost (for generation) but is then “flexible, scalable” 91 and “can be used freely and efficiently” 91 by any number of teams for any number of tasks.
The Critical Use-Case Distinction: The choice between them depends on actionability.

Imagine a researcher queries a synthetic dataset and discovers a pattern linking a specific gene to a drug’s fatal side effect.93 This insight is non-actionable in a crisis because it is “impossible to determine who these similar people are in real life”.93 The link to the individual has been intentionally destroyed.
With HE, the researcher could run the same query on the encrypted real data. The encrypted result would be sent to a “pre-approved party” (like the originating hospital), which could decrypt it to “re-identify the at-risk individuals” 93 and warn them.
Synthetic data is for insight. Homomorphic encryption is for action.

This analysis shows there is no “one PET to rule them all.” The correct strategy is to build a portfolio of PETs 79 and map the right tool to the right task.

Table 2: Strategic Comparison of PETs for Global Collaboration

Technology	Core Privacy Principle	Best Use Case	Key Vulnerabilities	Relative Computational Cost
Synthetic Data	“Anonymize the Data”	Broad data sharing, AI model training, software testing, partner sandboxes.19	Re-identification of outliers 57, membership inference attacks (MIA) 60, bias amplification.74	High (Generation), Low (Use). Easy to use once created.91
Federated Learning (FL)	“Move the Model, Not the Data”	Collaborative AI training on sensitive, unmovable data (e.g., cross-border hospitals, banks).81	Model inversion attacks (inferring data from updates), data heterogeneity slows training.51	High (Communication). Requires robust network communication.
Homomorphic Encryption (HE)	“Compute on Encrypted Data”	Targeted, secure queries on live, encrypted data; use cases requiring re-identification by a trusted party.87	Extreme computational cost 83, limited query/operation types, performance bottlenecks.88	Extremely High (Computation). Resource-intensive for every query.92

8.0 Pathways to Implementation: Case Studies and Governance Frameworks

While the technical and legal challenges are significant, several organizations are already navigating them. Their pilot programs and governance models provide a blueprint for a successful “Data Without Borders” strategy, which depends more on governance and trust than on any single algorithm.94

8.1 Case Study: Global Healthcare & Public Policy

The Problem: Data scarcity and fragmentation are a primary barrier to rare disease research.23 Strict privacy regulations (HIPAA, GDPR) create data-sharing bottlenecks, slowing innovation.96
The Solution (US CDC’s NCHS Pilot): The US Centers for Disease Control and Prevention’s National Center for Health Statistics (NCHS) has pioneered a model to solve this.98

Action: NCHS links multiple, highly restricted datasets (e.g., National Health Interview Survey, HUD, and Medicare data). Access to this linked data is normally restricted to secure Federal Research Data Centers.98 To “make linked data easier to access,” NCHS created public-use synthetic linked data files.98
The Safety Mechanism: This is not a “fire and forget” release. NCHS provides a verification process.98 Researchers can perform their analysis on the public synthetic data. They then submit their code and results to NCHS, which runs the exact same analysis on the real, restricted data to confirm the findings.98 This “verification model” builds trust by democratizing access (via the synthetic file) while guaranteeing accuracy (via the verification service).

8.2 Case Study: Cross-Border Finance & Fraud

The Problem: Banks are blind to systemic financial crime. Each institution’s fraud-detection model is trained only on its “narrow view” (its own transaction data), missing the holistic patterns of money laundering that cross multiple banks.71
The Solution (UK FCA Pilot): The UK’s Financial Conduct Authority (FCA) established a Synthetic Data Expert Group (SDEG) to explore use cases for the entire sector.45 Their research identified key applications in mitigating bias in credit scoring, training more robust fraud detection models, and enabling cross-sector data sharing to fight “Authorised Push Payment (APP) Fraud”.45
The Solution (Industry Hybrid): A North American bank successfully trained its Anti-Money Laundering (AML) models across four countries using a hybrid approach, without moving personal data.101 This aligns with emerging academic and industry research (e.g., from JP Morgan) on hybrid Federated Learning and Synthetic Data models.80
The “Greenfield” Alternative (IBM): An entirely different strategy bypasses PII altogether. Instead of synthesizing from real data (and inheriting its legal and bias issues), IBM’s research uses an “agent-based virtual world approach”.100 This generates financial crime data from simulations of “criminal agents.” This data is superior for training models because “all fraud is labelled fraud.” In contrast, real data is incomplete, with an estimated “95% of money laundering” missed entirely.100 This “greenfield” approach avoids the “garbage in, garbage out” problem and the legal risks of processing PII.

8.3 Actionable Governance Frameworks

These cases show that “cultural resistance” 71 and a lack of governance are the biggest blockers. Successful implementation requires a clear framework.

Framework 1: The NIST Model (Validation-Centric)
Based on its DP Synthetic Data Challenge 53, NIST’s approach is built on quantifiable, auditable proof. Organizations must have “standard metrics” 102 for both utility and privacy. Tools like the SDNist library 103 can generate a “summary quality report” that evaluates the synthetic data against the original, providing the auditable proof needed for regulators and stakeholders.
Framework 2: The Ada Lovelace Model (Ethics-Centric)
This framework focuses on managing harms, not just data.38 It moves the “bias” problem from a technical team to a governance body. It warns against letting developers make “value-laden choices” 38 about fairness in a vacuum and instead calls to “engage communities” 38 in how they are represented. It also mandates continuous validation to check for “simulation-to-reality gaps” 38 and outlier memorization.
Framework 3: The Georgetown MDI Pilot Guide (Process-Centric)
This provides a practical checklist for a first-time pilot.104 It outlines clear steps: 1) Establish partnerships and scope goals; 2) Define requirements, datasets, and deliverables; 3) Conduct IT and legal needs assessments; 4) Use checklists to evaluate progress on both privacy and utility; and 5) Communicate to all stakeholders.104

9.0 Strategic Recommendations for Safe Global Collaboration

The concept of “Data Without Borders” remains a conceptual goal, not a current reality. Synthetic data is not a magical passport that makes borders disappear. It is, rather, a highly sophisticated visa application. It requires significant legal pre-work, carries quantifiable technical risks, and must be embedded within a robust governance and validation framework to be successful. A strategy that ignores this complexity is destined to fail. A strategy that embraces it will unlock safe global collaboration.

The following are strategic recommendations for any C-suite executive, Chief Data Officer, or privacy counsel developing a “Data Without Borders” initiative.

Recommendation 1: Reject the “Silver Bullet”—Adopt a PETs Portfolio.
The premise “Data Without Borders Through Synthetic Data” is flawed. Synthetic data is a powerful tool, but it is not a “panacea”.78 An organization must build a “PETs toolkit” 78 and map the right tool to the right problem, as detailed in Table 2.

Use Synthetic Data for broad R&D, testing, and anonymized sharing.
Use Federated Learning for collaborative model-building on live, sensitive data that cannot move.
Use Homomorphic Encryption for targeted, actionable queries on encrypted data where re-identification by a trusted party is a required feature.93

Recommendation 2: Mandate “Differentially Private” Generation.
Organizations must not accept the generic marketing term “synthetic data” for any project involving PII.

Action: Mandate that any synthetic data generated from personal data must be created using a Differential Privacy (DP) framework.53 This is the only method that provides a “provable privacy guarantee” 53 that is quantifiable, auditable, and legally defensible to regulators. All other methods are “privacy by obscurity” and represent an unacceptable and unquantifiable risk.

Recommendation 3: Prioritize the “Federated Synthesis” Hybrid Model.
For the highest-value, most complex global collaboration challenges (e.g., multinational clinical trials, global AML model training), a single PET is insufficient.

Action: Champion the hybrid “Federated Synthesis” 85 architecture. This model 51 respects data sovereignty (no raw data moves, satisfying FL’s strength) while accelerating performance (synthetic data provides a “global view,” fixing FL’s weakness). This is the current state-of-the-art for safe, effective global AI collaboration.

Recommendation 4: Invert the Bias Problem—From Technical Fix to Governed Choice.
The “bias paradox” (Section 6) proves that this is an ethical and governance problem, not a technical one.

Action:

Forbid engineers from making unilateral “value-laden choices” 38 about fairness.
Establish a cross-functional Algorithmic Fairness Governance Board (including Legal, Ethics, Data, and impacted community representatives 38).
Task this board with explicitly defining and documenting the “fairness characteristics” 63 for any synthetic dataset before it is generated. This transforms bias from a hidden risk into an auditable, intentional, and defensible corporate policy.

Recommendation 5: Implement the “CDC Verification Model” to Build Trust.
Do not “boil the ocean” by replacing all real data with synthetic data. This creates distrust 71 and carries high risk.38

Action: Adopt the NCHS pilot model 98 as a phased rollout strategy.

Tier 1 (Internal/Public): Release high-privacy (e.g., high-noise DP) synthetic datasets for broad internal R&D, software testing, and partner exploration.
Tier 2 (Secure Enclave): Maintain the original data and the generative model in a secure enclave. Offer a “verification service” where, before a high-risk model is deployed, its findings must be validated against the “ground truth” data. This builds trust and ensures “simulation-to-reality gaps” 38 are caught.

Recommendation 6: Investigate “Greenfield” Simulation.
For problems where real-world data is biased, incomplete, or legally toxic (e.g., financial crime 100), training on that data (even synthetically) will perpetuate “garbage in, garbage out”.70

Action: Launch a pilot project for Agent-Based Simulation.100 This “greenfield” approach generates data from rules and simulations 100, not PII. This completely avoids the legal “initial processing” risk (Section 3) and can produce superior data 100 for training models to find events that are missed in real-world data.

Cutting-edge Technology Courses by Uplatz