Privacy Enhancing Technologies (PETs) are currently in their infancy, but they hold the potential to bring a seismic shift in data management. In an era where data forms the linchpin of many business models, PETs stand out as harbingers of more respectful and safe data aggregation and analyses.
“By 2030, data marketplaces enabled by PETS, in which individuals, corporates, machines and governments trade data securely, will be the second largest ICT market after the Cloud.” – Lunar Ventures report The privacy infrastructure of tomorrow is being built today.
What are Privacy Enhancing Technologies?
The OECD currently defines PETs “as a collection of digital technologies, approaches and tools that permit data processing and analysis while protecting the confidentiality, and in some cases also the integrity and availability, of the data and thus the privacy of data subjects and commercial interests of data controllers”.
It goes on to outline that these technologies, tools and approaches generally fall into four categories:
- Data obfuscation.
- Encrypted data processing tools.
- Federated and distributed analytics.
- Data accountability.
Use Cases for PETs
Verification of Sensitive Personal Information.
Zero-Knowledge Proof (ZPK) tools can eliminate the need for people to submit sensitive personal information for routine purposes. For instance, these tools would allow renters to prove to realtors that they have an income over a certain amount without showing specific sensitive financial information.
These tools are not currently mature. But they are seen as a key element in the future of Digital Identity Wallets in Europe and it’s expected that their applications and use will widely expand in the near term.
Other potential applications include age verification for websites, which is a big deal (especially in light of Microsoft’s COPPA fine in 2023).
Product Development and Improvement
Apple highlighted how personal information and product development are intertwined in its article about Differential Privacy:
“There are situations where Apple can improve the user experience by getting insight from what many of our users are doing, for example: What new words are trending and might make the most relevant suggestions? What websites have problems that could affect battery life? Which emoji are chosen most often? The challenge is that the data which could drive the answers to those questions—such as what the users type on their keyboards—is personal.”
It then went on to discuss how differential privacy is already being used to solve issues like these. Generally, differential privacy is a technique that adds ‘noise’ to a dataset to protect individual privacy while allowing for statistical analysis. Apple has already widely adopted differential privacy to improve privacy during photo analysis and to gain insights about the use and usability of certain functions.
More Privacy-Centric Targeted Digital Advertising
“We hope that in the future PETs will allow a person’s original piece of data to be anonymized and aggregated with other people’s information. This new piece of data can then be leveraged by [Meta] and allow advertisers to continue running and measuring personalized ads.” – Meta.
PETs can help advertisers reach their audience without directly accessing individual user data. The implications of this would be huge in the targeted advertising space, since it promotes compliance with privacy regulations and user consent – and improves privacy outcomes for individuals. Some examples of PETs that could apply to the digital advertising ecosystem include differential privacy, federated learning, and homomorphic encryption, which allow for data processing without revealing individual data points.
Heathcare and BioTech Data Analysis
PETs offer significant potential in the healthcare and biotech industries. A 2022 blog post about the potential benefits of PETs imagined a future where:
- Tools are being developed for physicians to identify early signs of cancer and reduce health disparities without accessing anyone’s private data; and
- Cities and states can rapidly share public health data without sharing personal information about individuals.
What Should Companies Do Now?
As we outlined, many of these technologies are in their infancy and their adoption and use is not (yet) widespread.
For now, we would suggest creating and keeping a catalogue of your biggest privacy challenges. Then, identify situations where the choice seems to be either consumer privacy or company benefit. These are the scenarios where PETs will likely intervene in the coming years.
Reach out to discuss your company’s privacy maturity. Our attorneys would love to help
Disclaimer
The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.
