Understanding Privacy-Enhancing Technologies (PETs)

Published 14 November 2022

Privacy-Enhancing Technologies or PETs are technologies that minimise data usage and maximise data security to preserve an individual’s privacy. PETs can help organisations ensure data protection by design – this is an approach enshrined in Article 25(1) of the UK GDPR which sets out that organisations must consider privacy and data protection issues at the design phase of any system, service, product or process and throughout the lifecycle of the same.

PETs are continually developing and have the potential to help capture the true value of data, while ensuring the privacy of individuals is upheld. This session will cover a high-level overview of PETs, including how they fit within the wider data protection regime, and their relationship with anonymisation.

The Information Commissioner’s Office (ICO) classifies PETs into three categories:

1. Those that reduce or remove the identifiability of individuals, which aim to weaken or break the connection between an individual in the original personal data and the derived data – for example, synthetic data and differential privacy;
2. Those that hide or shield data, aiming to protect individuals’ privacy while not affecting the utility and accuracy of the data, for example via encryption techniques such as zero-knowledge proofs and homomorphic encryption; and
3. Those that split datasets or control access to certain parts of the data, e.g. by providing dedicated hardware to prevent the operating system or other application from accessing the personal data, such as trusted execution environments, secure multi-party computation and federated learning.

Out of the above examples, our session will take a closer look at synthetic data, zero-knowledge proofs and trusted execution environments, discussing the advantages and disadvantages of each, how they can be used and what organisations should be aware of when utilising PETs, including the measures of a PET’s maturity. We will also highlight some example use cases for PETs, particularly in the financial services and insurance industries.