Authors:
Kevin McCarthyPrivacy-Enhancing Technologies (PETs) represent a revolutionary capability that facilitates a delicate equilibrium between privacy and utility within information systems. Going beyond the traditional trade-offs between data utility and data protection, PETs fundamentally enable the support of both these interests. This harmonization of often conflicting concerns empowers AI systems to become more impactful, just, and ethically sound. Consequently, PETs are increasingly recognized as “tools that uphold democratic values” due to their capacity to foster innovation in alignment with shared democratic principles such as privacy, freedom of expression, access to information, transparency, fairness, inclusion, and equity. Recognizing the contrast in how democratic and autocratic societies leverage and benefit from emerging technologies, we advocate for the expanded utilization and heightened awareness of PETs. To sustain and advance these endeavors, it is valuable to initially assess existing initiatives and shed light on the progress achieved thus far. This foundational step precedes the call for additional and incremental efforts to further enhance the impact of PETs.
Advancing a Global PETs Policy
Promoting global PETs policy development is a multifaceted undertaking that requires:
1. Collaboration on international projects aimed at progressing the development and utilization of PETs.
2. The evolution and establishment of policies by both national and international entities to craft fresh regulations, guidelines, and best practices.
3. Investments in education across diverse fields to prepare upcoming professionals with the necessary PET skills.
4. Advocacy for policy development, backed by real-world data and evidence provided by individuals, companies, and industry associations, to expedite and enrich PETs policies directly from the field.
We will touch on each of these facets here, with the intention of highlighting early advancements and leaders in the space and indicating additional opportunities.
1. International Collaboration on PET Programs
Some promising recent projects involve global collaboration around promoting the development and use of PETs.
Singapore PET Sandbox
The Singapore government launched a PET Sandbox in 2022 for companies to work with trusted PET providers to develop use cases and pilot PETs. The Sandbox provides regulatory support so companies can confidently deploy PETs. The PET Sandbox has an international focus: in the Asia Tech x Singapore 2023 Roundtable, more than 20 local and foreign representatives from industry, chambers of commerce, academia, and policy agencies discussed how programs like the Sandbox can catalyze PETs adoption. Recently, Singapore’s Infocomm Media Development Authority (IMDA) announced a partnership with Google to support local testing of Google’s new Privacy Sandbox within the PETs Sandbox as a way to support Singaporean AdTech firms, publishers, and developers in preparing for a privacy-first future.
U.K.-U.S. PETs Prize Challenge
The U.K. and U.S. governments joined forces to “unleash the potential of these democracy-affirming technologies” through a series of PETs prize challenges. The winners were announced at the Summit for Democracy in 2023. (Inpher was one of three winners in Phase 1.) The prizes were intended to advance the real-world application of PETS by setting two challenges that address practical data privacy concerns: identifying financial crime and bolstering pandemic response capabilities.
UN PET Lab
As of 2022, the UN Committee of Experts on Big Data and Data Science for Official Statistics is running a pilot program with several National Statistical Offices (NSOs) to demonstrate that PETs can enable fully compliant international data sharing
2. Global Developments in PETs Policy and Regulation
Lack of clarity about how PETs map onto existing regulations prevents organizations from harnessing their potential. Still, there are notable developments in guidance and policy, nationally and internationally. The following is a sample.
United Nations – Guide on Privacy-Enhancing Technologies for Official Statistics
Drafted with experts from the statistical community, private sector, academia, and civil society, the impetus of the guide is “the societal benefits of improved and safe sharing of relevant micro-data for better public policies.” The guide provides an overview of current standards and legislation related to PETs and areas in need of further consideration.
U.S. – National Strategy for Privacy-Preserving Data Sharing and Analytics
This 2023 report from the U.S. National Science and Technology Council (NSTC) represents “a national effort to advance PPDSA technologies.” Privacy-preserving data sharing and analytics (PPDSA) are defined as “methodological, technical, and sociotechnical approaches” that leverage PETs to derive value from data while safeguarding privacy and security. The report defines five strategic priorities, including advancing governance, fostering international collaboration, and building expertise through education. Many of the NSTC contributing organizations have active and ongoing efforts for PETs deployment within and across the U.S. Census Department, Department of Homeland Security, Department of Energy, and Department of Defense.
U.K – Information Commissioners Office Guidance to Privacy-Enhancing Technologies
The Information Commissioner’s Office (ICO) in the U.K. issued guidance in 2023 intended to help larger organizations understand “how PETs can help you achieve compliance with data protection law.” Noting that PETs enable organizations to “obtain insights from datasets without compromising the privacy of the people whose data is in the dataset,” the guidance outlines how PETs can support an approach of data protection by design and by default, in keeping with the GDPR.
3. Educational Investments in PETs
The highly technical and quickly evolving nature of PETs can impede adoption. Educational investments that train workers in a variety of relevant skills help to address these obstacles.
U.S. Privacy Enhancing Technology Research Act
This proposed bipartisan bill (HR4755, Rep. Stevens (MI) and Rep. Kean (NJ)) supports research and workforce development for the advancement of PETs. The bill, while only introduced this summer, calls for measures to ensure a more robust data privacy framework, fostering transparency and accountability among entities handling consumer data. The proposed legislation authorizes research, workforce development, and standards-setting activities at the National Science Foundation and the National Institute of Standards and Technology for privacy-enhancing technologies and calls for government coordination for the development of PETs to ensure responsible data use.
OpenMined and the Private AI Series
OpenMined is a community focused on developing open-source tools for secure, privacy-preserving, value-aligned artificial intelligence. They aim to make privacy-preserving machine learning accessible to everyone and along with a robust community of developers, have created an educational project funded by grants from the UN, NSF, Facebook, and the University of Oxford currently has about 10,000 participants. The section “Foundation of Private Computation” teaches students how to use federated learning (a type of PET) to access and manipulate data on remote devices as well as how to “build privacy-preserving technologies from scratch.”
EPFL, KU Leuven, and an increasing number of academic institutions
Universities around the world are beginning to invest in preparing their students to work with emerging PETs. Located in Switzerland, EPFL is one of Europe’s leading science and technology institutions–and the location of Inpher’s research and development team. Hosting the Center for Digital Trust, events like Applied Machine Learning Days and having proximity to worldwide standards organizations, EPFL continues to lead in Privacy Engineering and PET development. Located in Belgium, KU Leuven trains many of today’s leading PETs developers through its Computer Security and Industrial Cryptography efforts while also organizing a yearly Industry Day around Computing on Encrypted Data (COED) for industrial participants to meet others interested in securing data using PETs. While previous COED events have focused on specific types of PETs, the 2023 Industry Day is dedicated to legal, policy, and government applications. Numerous other academic institutions and departments have similarly joined the PETs efforts, notably: MIT, Carnegie Mellon, USC, University of Illinois, Notre Dame, University of Pennsylvania, Cornell, National University of Singapore, University of Melbourne, and the Universite de Versailles.
4. PETs Policy Advocacy Around the World
Advocacy both by individual companies and by industry associations and consortia can help advance policy around PETs.
OECD Emerging Privacy Enhancing Technologies: Current Regulatory and Policy Approaches
This 2023 paper contributes to Phase III of the Organization for Economic Co-operation and Development (OECD) Going Digital project, which aims to provide policymakers with the tools to design and implement better data policies to promote growth and well-being. Based on surveying OECD members and partner economies, this report is intended to help policymakers and regulators “better consider PETs for privacy protection, and data governance more broadly.” It evaluates the effectiveness of different types of PETs and outlines current regulatory and policy approaches.
The Financial Action Task Force (FATF) Stocktake on Data Pooling, Collaborative Analytics and Data Protection
Under its German presidency, the FATF has prioritized analyzing new technologies. For example, in 2021 the FATF issued a stocktake that used a questionnaire, engagement with public and private sector experts, and a review of case studies to examine new and emerging technologies that can “help financial institutions collaborate and carry out advanced AML/CFT analytics, in line with national and international data privacy and protection legal frameworks.” Two of the four challenges outlined in the stocktake relate to regulatory clarity and governance of data.
Inpher’s Policy Outreach to Promote Responsible Innovation with PETs
Like other companies working on PETs solutions, Inpher actively engages with regulators and other policymakers. Some examples include: congressional briefings to the US House of Representatives, responses to a request for comments by the U.S. National Institute of Standards and Technology (NIST) on a draft Privacy Framework, consulting on the draft Data Sharing Code of Practice for the U.K. Information Commissioner’s Office (ICO) in 2019, and a stakeholder response to proposed measures by the European Data Protection Board (EDPB) on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, including secure multiparty computation (MPC) in 2020. We plan to continue these efforts and look forward to your support as the efforts begin gathering steam!
Conclusion
PETs allow businesses to gain value from sharing data while ensuring personal data protection and data privacy as well as safeguarding commercially sensitive information. A global policy, or multiple that addresses recently emerged PETs would increase opportunities for safe, secure data collaboration and cross-border data flows–to support informed decision-making in a wide range of fields.
Join us here again as we highlight new and needed developments in the PETs space to further promote responsible innovation in a category that works to affirm democratic values for our AI-powered future.