Privacy-enhancing technologies (PETs): Protect your data, prevent privacy risks
In a world where data are fast gaining importance, there are also growing concerns over privacy. How do you harness data as an organisation without breaching people’s privacy? Privacy-enhancing technologies (PETs) deliver a series of smart solutions. This article answers five key questions about PETs.
1. What are PETs?
Privacy-enhancing technologies (PETs) are tools and technologies that help you protect personal data and minimise privacy risks. They help you ensure that you use sensitive information as little as possible, process data securely and offer people greater control over their own data.
2. What will PETs do for you?
PETs enable you to analyse and share data without compromising privacy. This allows you to comply with strict privacy regulations such as the GDPR. Using PETs enables you to prevent data breaches and the misuse of personal data. It also builds trust in that it shows that you are taking privacy seriously.
Guusje Chabot is the RINIS business consultant who represents the organisation as part of the core team of the national innovation centre for privacy-enhanced technologies (nicpet): 'Using PETS intelligently enables your organisation to handle data sensibly as well as ensure privacy. This sees you leverage the power of data without risk to your clients or your reputation.'
3. What are some examples of PETs?
Various types of PETs exist which can be used for a variety of different purposes:
- Encryption: Data are encrypted in such a way that only authorised persons have access to them. Data you do not have cannot be misused or lost.
- Pseudonymisation and anonymisation: Personal data are made unrecognisable, e.g. by replacing names with codes.
- Homomorphic encryption: PETs enable you to run calculations on encrypted data without first decrypting them. This is used to analyse financial transactions or in medical research for instance. Doing so allows you to use data without actually ‘looking inside’ the data themselves, thereby violating clients’ privacy.
- Multi-party computation (MPC): Multiple parties are able to jointly analyse data without having to share sensitive information. This enables you to get answers to questions without the other party noticing that questions have been asked.
- Federated analytics: The data remain with the organisation, but organisations are able to share their analyses. This dispenses with the need to arrange central storage of data and organisations remain responsible for their own datasets.
Authorities can use PETS to exchange sensitive data about citizens, social security or crime. But equally to exchange data with external parties for purposes such as poverty reduction, healthcare innovation or mobility issues.
Guusje: ‘There are PETs that allow for dataset comparisons and filtering out specific ‘matches’’. And you get to do so without actually sharing all of the data. Now that’s data minimisation. You only use the data that answer your question, nothing more.'
4. Why is using PETs important at this point in time?
The amount of data is mushrooming and privacy rules are increasingly more clearly defined. Organisations need to show they are using the personal data they exchange with due care.
Guusje: 'PETs are not new, but we are seeing a growing need to deal with societal challenges by using data more intelligently. The data required to tackle these issues are often scattered across various authorities. We are also seeing traditional data exchange constructions that have become sub-optimal. PETs bring solutions, but the implementation demands investments in time, money and capacity.'
5. What do you need as an organisation to roll out PETs?
PETs are not a ‘one-size-fits-all’ solution. It takes know-how to leverage them efficiently. Every organisation needs to identify its own privacy risks, map out its own data flows and select PETs that are in line with the specific sensitivity of their data and use cases. PETs work best as part of a wider privacy and data policy. It needs to be clear who within the organisation is responsible for selecting, implementing and administering PETs. It is important to have a solid IT infrastructure in place and sometimes adjustments to systems, processes or data formats are needed. Integrating PETs into the organisation requires cooperation between IT, the legal department and management.
Guusje: 'To ensure effective implementation, it is often necessary to work with knowledge partners or outside experts, especially in the initial phase or when dealing with complex issues. RINIS is on hand to help in this respect too. We provide support at various levels: from hosting and application integration to fully fledged PET-as-a-Service solutions.'
To find out more about PETs and the best ways to implement them in your organisation, get in touch with your RINIS account manager or drop Guusje a line at gchabot@rinis.nl.