/ News and resources / Projects / Privacy Enhancing Technologies

Executive summary

Privacy Enhancing Technologies (PETs) are a suite of tools that can help maximise the use of data by reducing risks inherent to data use. Some PETs provide new techniques for anonymisation, while others enable collaborative analysis on privately-held datasets, allowing data to be used without disclosing copies of data. PETs are multi-purpose: they can reinforce data governance choices, serve as tools for data collaboration or enable greater accountability through audit. For these reasons, PETs have also been described as ‘Partnership Enhancing Technologies’ (footnote 1) or ‘Trust Technologies’ (footnote 2).

This report builds on the Royal Society’s 2019 publication Protecting privacy in practice: The current use, development and limits of Privacy Enhancing Technologies in data analysis (footnote 3), which presented a high-level overview of PETs and identified how these technologies could play a role in addressing privacy in applied data science research, digital strategies and data-driven business.

This new report, developed in close collaboration with the Alan Turing Institute, considers how PETs could play a significant role in responsible data use by enhancing data protection and collaborative data analysis. It is divided into three chapters covering the emerging marketplace for PETs, the state of standards and assurance and use cases for PETs.

Scope

From privacy to partnership outlines the current PETs landscape and considers the role of these technologies in addressing data governance issues beyond data security. The aim of this report is to address the following questions:

  • How can PETs support data governance and enable new, innovative, uses of data for public benefit?
  • What are the primary barriers and enabling factors around the adoption of PETs in data governance, and how might these be addressed or amplified?
  • How might PETs be factored into frameworks for assessing and balancing risks, harms and benefits when working with personal data?

Methodology

This work was steered by an expert Working Group as well as two closed contact group sessions with senior civil servants and regulators in April and October 2021 (on the scope and remit of the report, and on the use case topics and emerging themes, respectively).

The findings in this report are the result of consultations with a wide range of data and privacy stakeholders from academia, government, third sector, and industry, as well as three commissioned research projects on the role of assurance in enabling the uptake of PETs (footnote 4), PETs market readiness in the public sector (footnote 5), and a survey of synthetic data: data that is artificially generated based on real-world data, but which produces new data points (footnote 6). The use cases were drafted with input from domain specialists, and the report was reviewed by expert readers as well as invited reviewers.

The details of contributors, Working Group members, expert readers and reviewers are provided in the Appendix.

Key findings

General knowledge and awareness of PETs remains low amongst many potential PETs users (footnote 7, footnote 8), with inherent risk of using new and poorly understood technologies acting as a disincentive to adoption. Few organisations, particularly in the public sector, are prepared to experiment with data protection (footnote 9). Without in-house expertise, external assurance mechanisms or standards, organisations are unable to assess privacy trade-offs for a given PET or application. As a result, the PETs value proposition remains abstract and the business case for adopting PETs is unclear for potential users.

Standardisation for PETs, including data standards, is lacking and is cited as a hindrance to adoption by potential users in the UK public sector (footnote 10). Technical standards are required to ensure the underpinning technologies work as intended, while process standards are needed to ensure users know how and when to deploy them. While few PETs-specific standards exist to date, standards in adjacent fields (such as cybersecurity and AI) will be relevant. In the future, PETs-specific standards could provide the basis for assurance schemes to bolster user confidence.

A significant barrier to the widespread use of PETs is a lack of clear use cases for wider public benefit. To address this, Chapter 4 illustrates the potential benefit of PETs in the contexts of:

  • Using biometric data for health research and diagnostics;
  • Enhancing privacy in the Internet of Things and in digital twins;
  • Increasing safe access to social media data and accountability on social media platforms;
  • Generating population-level insights using synthesised national data;
  • Collective intelligence, crime detection and voting in digital governance; and
  • PETs in crisis situations and in analysis of humanitarian data:

The use cases demonstrate how PETs might maximise the value of data without compromising privacy.

A core question for potential PETs users is: What will PETs enable an analyst to do with data that could not be accomplished otherwise? Alternatively: What will PETs prevent an adversary from achieving? As the use cases illustrate, PETs are not a ‘silver bullet’ solution to data protection problems. However, they may be able to provide novel building blocks for constructing responsible data governance systems. For example, in some cases, PETs could be the best tools for reaching legal obligations, such as anonymity.

Data protection is only one aspect of the right to privacy. In most cases, PETs address this one aspect but do not address how data or the output of data analysis is used, although this could change as PETs mature. Some recent applications utilise PETs as tools for accountability and transparency, or to distribute decision-making power over a dataset across multiple collaborators (footnote 11), suggesting their potential in addressing elements of privacy beyond data security.

The field of PETs continues to develop rapidly. This report aims to consolidate and direct these efforts toward using data for public good. Through novel modes of data protection, PETs are already enhancing the responsible use of personal data in tackling significant contemporary challenges. The emerging role of PETs as tools for partnership, enhancing transparency and accountability may entail greater benefits still.

Footnotes

  • 1. Trask A. in Lunar Ventures (Lundy-Bryan L.) 2021 Privacy Enhancing Technologies: Part 2—the coming age of collaborative computing. See https://docsend.com/view/db577xmkswv9ujap?submissionGuid=650e684f-93eb-4cee-99e8-12a92d5d88a0 (accessed 20 September 2022).

    Back to report

  • 2. Infocomm Media Development Authority (Singapore grows trust in the digital environment). See https://www.imda.gov.sg/news-and-events/Media-Room/Media-Releases/2022/Singapore-grows-trust-in-the-digital-environment (accessed 5 June 2022)..

    Back to report

  • 3. The Royal Society. 2019 Protecting privacy in practice: The current use, development and limits of Privacy Enhancing Technologies in data analysis. See https://royalsociety.org/-/media/policy/projects/privacy-enhancing-technologies/ privacy-enhancing-technologies-report.pdf (accessed 30 June 2022).

    Back to report
Share:
Go to Recommendations