Exploring the Power of Privacy Enhancing Technologies

Quote of the Topic: UK Information Commissioner John Edwards said that “If your organization shares large volumes of data, particularly special category data, we recommend that over the next five years you start considering using PETs”[1]

So, what is the PET's?

Privacy enhancing technologies (“PET”) is the general name given to a set of tools, techniques, and methodologies aimed at ensuring data security based on data minimization and empowering individuals to control their own data.

Data protection law does not define PET’s. The European Union Agency for Cybersecurity (ENISA) refers to PETs as: ‘Software and hardware solutions, ie systems encompassing technical processes, methods or knowledge to achieve specific privacy or data protection functionality or to protect against risks of privacy of an individual or a group of natural persons.’

What PET’s are there?

There are many PET’s that you could consider as part of your data protection compliance. UK Information Commissioner Offices’s PET’s Guidance[2] list these below mentioned technologies.

• Differential privacy
• Synthetic data
• Homomorphic encryption 
• Zero-knowledge proofs
• Trusted execution environment
• Secure multiparty computation 
• Private set intersection 
• Federated learning

What are the benefits of PET’s?

Several categories of PETs can help achieve data protection compliance, including ‘data protection by design and default’. These include PETs that:

• Reduce the identifiability of the people that the information you are processing is about. These can help you to fulfil the principle of data minimisation;
• Focus on hiding and shielding information. These can help you achieve the requirements of the security principle; and
• Split datasets. These can help you to fulfil both the data minimisation and security principles, depending on the nature of the processing.

These types of technologies open unprecedented opportunities for organisations to harness the power of personal data through innovative and trustworthy applications, by allowing them to share, link and analyse people’s personal information without having access to it.

In addition PET’s can be used to share anonymised personal information to detect and prevent financial crimes and related harms such as fraud, money laundering, and cybercrimes.

If your organization processes extensive volumes of data, particularly sensitive category data, PET’s can be a focal point of your agenda next 5 years.