AI systems have an insatiable appetite for data. Rapid advancements mean they are now capable of massive ingestion and use of almost all publicly available data–so increasingly, those working on a variety of AI applications are setting their sights on higher value, more sensitive, and private data assets.
Data protection and privacy regulations around the world have swiftly responded to these developments, drawing crucial boundaries around our data, algorithms, and the platforms they operate on in an effort to protect democratic values and civil liberties. The growing tension between democratic values and AI’s demand for data can be effectively balanced and bridged by thoughtful design, strategic governance, and technical innovation. The emerging domain of privacy-enhancing technologies (PETs) offers new techniques that, while not yet widely understood, hold promise to both innovators and regulators as a means to solve the growing information asymmetries.
In this blog series, we will explore the progress to date, challenges, and opportunities in policy development and regulatory guidance on the use of and support for PETs. In this first post, we will highlight the need for domestic and global PETs policy efforts to raise awareness and unlock the societal benefits PETs can offer, before diving deeper into privacy-preserving data collaboration challenges and opportunities, as well as emerging PETs applications across financial services, healthcare, adtech and more.
What Are PETs?
Privacy-enhancing technologies (PETs) are a broad category of tools and techniques used to enable privacy-preserving analysis and collaboration with sensitive data. Examples of PETs are secure multiparty computation, differential privacy, homomorphic encryption, and federated learning. Given that PETs can help unlock new opportunities in AI, it is perhaps not surprising that Gartner predicts that by 2025, half of large organizations will implement privacy-enhancing computation for processing data in untrusted environments and multiparty data analytics and use cases.
The Governance Gap
Since the field of PETs is evolving quickly, use cases are still relatively limited. It can be a challenge to determine whether PETs are acceptable to use in a given scenario, what specific PET technique to deploy, and what regulation or framework speaks to or supports their use. This governance gap involves a lack of awareness, understanding, policy review, and a dearth of case law, not to mention a complex and differing array of PETs to deploy. The result is that industries and use cases with the potential to benefit from PET capabilities remain slow or unable to adopt them.
Leveraging PETs in global scenarios where data travels across international boundaries is even more complex, yet increasingly necessary. In addition to legal analysis of PETs in each jurisdiction, these scenarios require considering laws that apply to cross-border data transfers. As the 2023 UN Guide on Privacy-Enhancing Technologies notes, “Given the difficulties of being a first mover in an industry to adopt PETs, concrete guidance from regulatory agencies can be a critical step that spurs adoption of new technologies that can improve overall data privacy.”
Closing the Gap
By enabling safe, responsible data use and collaboration, Privacy Enhanced Technologies support better, fairer, and more impactful systems that can improve people’s lives in transformative ways. Many of the companies best suited to benefit from PETs are multinationals operating across numerous regulatory structures. By not providing clear guidance, regulators around the world are holding back PETS and thus holding back global society. Going forward, we look forward to diving into the challenges, opportunities, and progress being made across the PETs landscape. Join us next week as we start by highlighting some of the emerging progress made before diving into the additional work and opportunities ahead for PETs.