UK Information Commissioner’s Office publishes guidance on privacy enhancing technologies

October 17, 2022

The Information Commissioner’s Office (“ICO”) has published its long-awaited and very welcome guidance on the use of privacy enhancing technologies (“PETs”). Properly used, PETs are an invaluable part of proper data protection. The media release provides:

The Information Commissioner’s Office (ICO) has published draft guidance on privacy-enhancing technologies (PETs) to help organisations unlock the potential of data by putting a data protection by design approach into practice. 

PETs are technologies that can help organisations share and use people’s data responsibly, lawfully, and securely, including by minimising the amount of data used and by encrypting or anonymising personal information. They are already used by financial organisations when investigating money laundering, for example, and by the healthcare sector to provide better health outcomes and services to the public. 

The draft PETs guidance explains the benefits and different types of PETs currently available, as well as how they can help organisations comply with data protection law. It is part of the ICO’s draft guidance on anonymisation and pseudonymisation, and the ICO is seeking feedback to help refine and improve the final guidance.

By enabling organisations to share and collaboratively analyse sensitive data in a privacy-preserving manner, PETs open up unprecedented opportunities to harness the power of data through innovative and trustworthy applications. The UK and US governments have launched a set of prize challenges to unleash the potential of PETs to tackle global societal challenges, supported by the ICO.

John Edwards, UK Information Commissioner, said:  

“Although the use of PETs is in its early stages, it can unlock safe and lawful data sharing where people can enjoy better services and products without trading their privacy rights. In the UK, one example is the NHS building a system for linking patient data across different organisational domains. 

“Today’s draft guidance is part of my office’s strategy for the next three years, where we will be supporting the responsible use and sharing of personal information to drive innovation and economic growth. PETs have the potential to do that, so we look forward to hearing from industry and other stakeholders on how our guidance can help them achieve this.”  

The PETs draft guidance has been published ahead of the 2022 roundtable of G7 data protection and privacy authorities taking place in Bonn, Germany on 7-8 September, where the ICO will present its work on PETs to its G7 counterparts and encourage international agreement for the support of responsible and innovative use of PETs.

As part of this, the ICO will call for the development of industry-led governance, such as codes of conduct and certification schemes, to help organisations use PETs responsibly and to help PETs developers and providers to build the technology with data protection and privacy at the forefront. 

Mr Edwards said:

“It’s not just regulators that need to take action – we need the industry to step up, too. We want organisations to come to us with codes of conduct and certification schemes, for example, to show their commitment to building services or products that are designed in a privacy-friendly way and that protect people’s data.”

At 40 pages, the guidance is very comprehensive.

Some key issues that should be considered are:

  • the definition of a PET is:

‘software and hardware solutions, ie systems encompassing technical processes, methods or knowledge to achieve specific privacy or data protection functionality or to protect against risks of privacy of an individual or a group of natural persons.’

  • PETs assist in establishing data protection by design and by default by:
    • complying with the data minimisation principle, by only processing the data needed for the specified purposes;
    • providing an appropriate level of security;
    • implementing robust anonymisation or pseudonymisation solutions; and
    • minimising the risk that arises from personal data breaches, by rendering the personal data unintelligible to anyone not authorised to access it.
  • PETs can be used to work with datasets without compromising the privacy of the individuals whose data is in the dataset.
  • categories of PETs include those that:
    • reduce the identifiability of the individuals whose data is being used or processed. This complies with data minimisation principles;
    • focus on hiding and shielding data. These can help you achieve the requirements of the security principle; and
    • split or control access to personal data. These can help you to fulfil both the data minimisation and security principles, depending on the nature of the processing.
  • PETs that derive or generate data reduce or remove the identifiability of individuals by weakening or breaking the connection between an individual in the original personal data and the derived data.
  • PETs that focus on hiding, or shielding, data protect individuals’ privacy while not affecting the utility and accuracy of the data. They include:
    • homomorphic encryption, which allows computation to be performed on encrypted data without revealing the plaintext; and
    • zero-knowledge proofs, which allow one party to prove to another party that something is true, without revealing what that something is or indeed anything else (such as the underlying data).
  • PETs that split datasets or control access to certain parts of the data minimise the amount of personal data shared and ensure confidentiality and integrity, while not affecting the utility and accuracy of the data. These include:
    • trusted execution environments
    • secure multi-party computation (SMPC), including private-set intersection
    • federated learning
  • PETs can play a role in anonymisation.
  • The types of PETs are:
    • homomorphic encryption, which provides strong security and confidentiality by enabling computations on encrypted data without first decrypting it.
    • secure multiparty computation, which provides data minimisation and security by allowing different parties to jointly perform processing on their combined data, without any party needing to share all of its data with each of the other parties.
    • federated learning trains machine learning models in distributed settings while minimising the amount of personal data shared with each party.
    • trusted execution environments provide enhanced security by enabling processing by a secure part of a computer processor, which is isolated from the main operating system and other applications.
    • zero-knowledge proofs provide data minimisation by enabling an individual to prove private information about themselves without revealing what it actually is.
    • differential privacy generates anonymous statistics by adding noise to individual records.
    • synthetic data provides realistic datasets in environments where access to large real datasets is not possible.
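The secure multi-party computation entry above is easiest to understand with a concrete protocol. The following is an added example, not code from the ICO guidance or from this blog: three parties (assume three hospitals, each holding a patient count it does not want to disclose) compute their joint total using additive secret sharing. Each party splits its count into random shares, hands one share to each other party, and only the sums of the received shares are published. Every share and every published partial sum is uniformly random on its own, so no party learns another party's input; only the final total is revealed. The party names, counts and the `MODULUS` value are constructed for the example.

```python
"""Additive secret sharing: a minimal secure multi-party computation (SMPC)
for a joint sum in which no party learns any other party's input.
Added example; not part of the ICO guidance."""
import random

# Prime modulus for the share arithmetic. Inputs must be smaller than this so
# the true total never wraps around; 2**61 - 1 is a Mersenne prime.
MODULUS = 2**61 - 1


def _rng(seed):
    # A fixed seed gives reproducible shares for demonstration and tests;
    # a real deployment must use an OS-backed CSPRNG, which SystemRandom is.
    return random.SystemRandom() if seed is None else random.Random(seed)


def split_into_shares(value, n_parties, seed=None):
    """Split `value` into n_parties additive shares modulo MODULUS.

    The first n-1 shares are drawn uniformly at random; the last one is chosen
    so that all shares sum to `value`. Any n-1 shares are therefore uniformly
    random and carry no information about `value`.
    """
    if not 0 <= value < MODULUS:
        raise ValueError("input must lie in [0, MODULUS)")
    if n_parties < 2:
        raise ValueError("sharing needs at least two parties")
    rng = _rng(seed)
    shares = [rng.randrange(MODULUS) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def reconstruct(shares):
    """Recombine a complete set of shares into the shared value."""
    return sum(shares) % MODULUS


def missing_share_for(known_shares, candidate_value):
    """Given all but one share, return the one remaining share that would make
    the set reconstruct to `candidate_value`. Such a share exists for every
    candidate, which is exactly why an incomplete set of shares reveals
    nothing about the real value."""
    return (candidate_value - sum(known_shares)) % MODULUS


def private_sum(inputs, seed=None):
    """Each party i holds inputs[i]. Returns (joint_sum, received_shares).

    One round of share exchange:
      1. party i splits inputs[i] into n shares and sends share j to party j;
      2. party j adds the n shares it received (one from each party);
      3. the n partial sums are published and added together.
    received_shares[j] is the full view of party j: the shares it was sent.
    """
    n = len(inputs)
    rng = _rng(seed)
    # shares_matrix[i][j] is the share of party i's input destined for party j
    shares_matrix = [split_into_shares(x, n, rng.randrange(2**32)) for x in inputs]
    # Party j's view is column j of the matrix.
    received = [[shares_matrix[i][j] for i in range(n)] for j in range(n)]
    partial_sums = [reconstruct(col) for col in received]
    return reconstruct(partial_sums), received


if __name__ == "__main__":
    # Constructed sample inputs: patient counts held by three parties.
    counts = {"hospital_a": 120, "hospital_b": 45, "hospital_c": 300}
    total, views = private_sum(list(counts.values()), seed=7)
    print("joint total:", total)
    for name, view in zip(counts, views):
        print(f"{name} received shares {view}  (uniformly random, nothing learned)")
    # Show that party A's view is consistent with any input by party B.
    a_view_of_b = views[0][1]
    print("party A could explain B's share as 0, 45 or 999 equally well:",
          [missing_share_for([a_view_of_b], c) for c in (0, 45, 999)])
```

The two properties worth checking are that the protocol is correct (the published partial sums recombine to the true total) and that it is private in the information-theoretic sense: `missing_share_for` shows that any incomplete set of shares is consistent with every possible input, so a party that is missing even one share has learned nothing. Note that the modulus must exceed the largest possible total, not just the largest individual input, or the final reconstruction wraps.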
