Opportunities for PETs

Enabling innovation and preserving privacy

Privacy is a fundamental right. Organisations have an obligation to protect privacy, and must consider important legal, ethical, and reputational concerns when working with personal or sensitive data. CDEI's report on public sector data sharing found that these concerns can lead to risk aversion that may inhibit data from being used in ways that are of benefit to society. The use of PETs can help manage and mitigate some of the risks involved.

PETs can thus be an enabler for innovation, unlocking new opportunities for valuable data sharing and processing. Additionally, PETs can enhance privacy in existing projects, by enabling data sharing and processing to be carried out in a more privacy-focused way.

A data project with the potential to create significant benefits may be hindered or blocked completely if the associated risks are too high. This could be legal risks associated with compliance with data protection regulation, or commercial/reputational risks associated with handling sensitive customer information. When applied appropriately, PETs can provide strong guarantees on the level of privacy or security of the data they protect, and thus can greatly reduce the risk of sensitive data being disclosed. This can help tip the scales in favour of sharing or processing data, enabling innovation that may otherwise have remained untapped.

Our research has found that increasing awareness and understanding of PETs and their use cases could foster greater adoption of the technologies. This guide aims to help in this regard, posing questions to help those working on data initiatives involving sensitive information to consider which PETs could be useful. The guide aims not to be overly prescriptive, but provides pointers to relevant resources and use cases that may support decision-making around utilising PETs.

Challenges and limitations of PETs

PETs are not a silver bullet. No single PET will fully address the privacy challenges inherent in a data-driven system, and PETs should be applied as part of a broader privacy design that includes appropriate access controls, audit trails, and information governance arrangements.

The Adoption Guide highlights some of the technical limitations of specific PETs, which are also described on the What are PETs? page. Additionally, there may be more general challenges around adopting PETs effectively, including:

• A lack of appropriate technical expertise: given their relative novelty and complexity, organisations may require specialised technical expertise in order to implement emerging PETs effectively.
• Financial cost: procuring the required expertise and technical infrastructure can be costly. When embarking on a project leveraging PETs, an appropriate cost-benefit analysis should be conducted.
• Misuse of PETs: it is possible that PETs could introduce transparency and accountability risks, given they enable new mechanisms for confidentially sharing and processing information. Bad actors could take advantage of this to covertly use data in ways that are harmful or unethical.