This year, as the global pandemic comes to a close and our economy begins to reopen, both governments and non-governmental stakeholders are recognizing that robust protections of individual privacy have become critical elements of our digitally dependent world.[1],[2]
Privacy-enhancing technologies (PETs) are an integral part of that protection. PETs are techniques that use cryptography and statistics to minimize the amount of identifiable personal data processed between entities, while still ensuring accuracy in the measurement and analysis of the data. Common examples of PETs include homomorphic encryption, anonymization, and differential privacy, techniques which provide additional protection by never revealing personal data in plain text.
Unfortunately, despite growing interest, PETs continue to be underutilized as a solution to a myriad of privacy-related problems associated with data analysis and data transfers.
Here are three ways in which PETs can have transformative effects on how we handle data.
- Using PETs can increase cross-industry data sharing, leading to more timely insights for socially beneficial purposes.
Use of PETs is already proven to be effective within public and private sectors and industries, such as healthcare[3], financial services[4], and in activities supporting national security[5] concerns. Allowing for responsible and safe data sharing across industries will enhance the existing body of research and increase timely enforcement.
The existing challenge is that data regulation is primarily sector-specific, which prohibits data sharing, in areas such as complex criminal networks. For example, the U.K. Financial Conduct Authority recently piloted the “Tech Sprint” initiative to provide firms with synthetic data and found value in leveraging PETs in the anti-money laundering and financial crimes space.[6]
- Using PETs would allow for standardization across data shared between countries that have unique international data privacy agreements, laws, and regulations.
PETs allow for data transfers that would traditionally not be shareable across jurisdictions that are governed by differing data privacy and protection laws, agreements, and regulations. Global privacy agreements are a noble goal but may take years to reach and then sustain.[7]
PETs can bridge the gap in the interim. They are valuable in the growing data protectionist climate, where proposals like the EU Data Act[8], India Data Protection Bill[9], and similar legislation are advancing data localization requirements that would require companies to store data in the country of origination.
- Data privacy techniques would create economies of scale, serving as a great equalizer and leveling the playing field for companies, regardless of their size.
PETs can level the playing field so that small, medium and large companies can glean the same insights with the same data, without necessitating an exuberant amount of resources, personnel or infrastructure to do so (which may be required for the treatment of sensitive and identifiable data). The research shows that organizations with more sophisticated privacy practices have realized greater financial returns and business benefits, when compared to those that do not have such practices in place. Widespread access to PETs could optimize the financial returns generated by smaller companies on privacy compliance spending.[10]
This begs the question: how do we go about cultivating PET adoption intro mainstream use?
Legislative proposals and policy efforts should:
- Incentivize the study of PETs through government-backed research.
Bicameral, bipartisan proposals like “Promoting Digital Privacy Technologies Act” (H.R. 847)in the United States allow the National Science Foundation (NSF) to advance merit-reviewed and competitively awarded research on PETs and to coordinate with other, related agencies to develop standards for PETs.
Thus, the bill is critical as a stand-alone effort, rather than solely as a provision tacked on to comprehensive privacy or cybersecurity legislation, where the discussion of PETs has traditionally resided.
- Focus on cross-governmental collaboration.
Examples of governments working together to embrace their mutual interests in PETs is growing. At the tail end of 2021, President Biden announced the U.S.-U.K. Prize Challenge on PETs, which is being advanced by the U.S. National Institute of Standards and Technology (NIST) and NSF, as well as the UK’s Department for Digital, Culture, Media & Sport (DCMS). The opportunity is tremendous considering both country’s shared democratic values and alignment on digital strategy and growth.
On January 25, the United Nations launched a PETs Lab[11], which seeks to review international trade data from multiple countries and create a roadmap for future deployments of these technologies by governments.
- Direct governments to work with the private sector.
The public and private sector should collaborate to foster the appropriate conditions, such as market growth and adoption of PETs, to increase access and expedite usage by a wide range of stakeholders. A concrete example is the proliferation of “smart cities,” which will require PETs as a fundamental aspect of construction and deployment.[12],[13]
Given its expected potential, we recommend the U.S. government double down on its efforts to build robust public-private efforts around privacy enhancing technologies (PETs).
About Divya Sridhar: Divya Sridhar, Ph.D., is the Senior Director, Data Protection Policy at SIIA. Her portfolio includes data privacy and protection policies, at the international, federal, and state level. She advocates in favor of stronger data privacy legislation, laws and regulations that foster innovation, while harmonizing meaningful consumer protections with fitting business compliance. Her work advances the goals and needs of SIIA member companies.
About us: SIIA is a trade association that represents technology companies, publishers, and education technology companies that are at the cutting edge of new, data-driven innovations. Our mission is to protect the information lifecycle, which we view as the building block of innovation.
[1] Harvard Business Review. Which Economies Showed the Most Digital Progress in 2020? (December 2020).
[2] Brookings. How Digital Transformation is Driving Economic Change. (January 2022).
[3]Scheibner, J. et al. Revolutionizing Medical Data Sharing Using Advanced Privacy-Enhancing Technologies: Technical, Legal, and Ethical Synthesis. Journal of Medical Internet Research, 23(2), e25120. https://doi.org/10.2196/25120. (February 2021).
[4] S&P Global Market Intelligence. Banks use Privacy-enhancing Tech to Tackle Money Laundering as Regulation Lags. (December 2020).
[5] FinCEN.gov. FinCEN to Host Innovation Hours Program Workshop on Privacy Enhancing Technologies(May 2021).
[6] U.K. Financial Conduct Authority. Fostering Innovation through Collaboration. (March 2020).
[7]Chander, Anupam; Schwartz, Paul M. Privacy and/or Trade. Available at SSRN: https://ssrn.com/abstract=4038531 or http://dx.doi.org/10.2139/ssrn.4038531. (February 2022).
[8] Proposed EU Data Act. (2022).
[9]India (Personal) Data Protection Bill, (2019).
[10] See Figure 12. CISCO. Forged by the Pandemic: The Age of Privacy (January 2021).
[11] UN Big Data. What is the UN Pet Lab and Why is it Important? (February 2022).
[12] Edwards, Lilian. Privacy, Security and Data Protection in Smart Cities: A Critical EU Law Perspective. SSRN Electronic Journal. 2. 10.2139/ssrn.2711290. (January 2016).
[13] Curzon, James; Almehmadi, Abdulaziz; El-Khatib, Khalil. A survey of privacy enhancing technologies for smart cities, Pervasive and Mobile Computing, Volume 55, 2019 (pp 76-95), ISSN 1574-1192.