Insights Centre for Data Ethics and Innovation publishes blog on researching the role of privacy-enhancing technologies and issues a call for views

Contact

The CDEI says that it has been researching the role of privacy-enhancing technologies (PETs) in enabling safe, private and trustworthy use of data.

The CDEI notes that its report on public sector data sharing found that when working with personal or sensitive data, legal, ethical and reputational concerns can lead to risk aversion that may inhibit data from being fully utilised to provide benefits for society. The use of PETs can help manage and mitigate some of the risks involved, potentially unlocking avenues to innovation.

The blog post explains that in the broadest sense, a PET is any technical method that protects the privacy of personal or sensitive information. This definition includes relatively simple technologies such as ad-blocking browser extensions, as well as the encryption infrastructure. Of particular interest to the CDEI is a narrower set of emerging PETs, which are being implemented in an increasing number of real-world projects to help overcome privacy and security challenges, including:

  • homomorphic encryption: this allows computations to be performed on encrypted data;
  • trusted execution environments: this can protect code and data in a processing environment that is isolated from a computer’s main processor and memory;
  • secure multi-party computation: in which multiple organisations collaborate to perform joint analysis on their collective data, without any one organisation having to reveal their raw data to any of the others involved;
  • federated analytics: an approach for applying data science techniques by moving code to the data, rather than the traditional approach of collecting data centrally;
  • differentially private algorithms: these enable useful population-level insights about a dataset to be derived, whilst limiting what can be learned about any individual in the dataset; and
  • synthetic data: the generation of data that is statistically consistent with a real dataset. This generated data can replace or augment sensitive data used in data-driven applications.

The CDEI says that these technologies support a range of use-cases involving secure data processing, trustworthy data sharing, and privacy-preserving machine learning. They may be particularly useful in sectors where highly sensitive data is the norm, such as healthcare and finance. Indeed, the CDEI says, the pandemic has brought into focus the importance of being able to effectively utilise sensitive data at scale. The need to maintain privacy and security over this data has led to rapid innovations, such as the OpenSAFELY secure analytics platform which is enabling researchers to carry out analyses across over 24 million patient records. This large-scale analysis has enabled risk factors associated with COVID-19 to be identified, without exposing the personal information of individuals.

The CDEI says that these emerging technologies have the potential to be disruptive, enabling valuable data sharing and analysis whilst protecting privacy and confidentiality. For this potential to be fully realised, effective policy and governance frameworks are needed. The National Data Strategy calls on the CDEI to work with wider government to explore the role of PETs in enhancing consumer control and confidence, and ensuring trustworthy use of data. The CDEI is carrying out research that aims to address a number of related research questions:

  • What are the barriers inhibiting more widespread adoption of PETs in both the public and private sectors?
  • How does the use of PETs affect compliance with data protection regulation? Are there regulatory ambiguities that require clarification?
  • In what ways could PETs be used for harm? How can we mitigate those?
  • Where PETs are used beneficially, how can this be effectively communicated to build consumer confidence and public trust?

The CDEI is keen to talk to individuals and organisations who are developing or utilising privacy technologies. It is particularly interested in learning of examples where PETs have been piloted, or successfully used in production environments. By collating examples and conducting in-depth case studies, the CDEI hopes to be able to draw out common learnings and identify areas where more widespread use of PETs has the potential to bring about significant benefits. To read the CDEI’s blog post in full and for information on how to contribute to the call for views, click here.

Expertise