Privacy trend deep dive: The rise of loveable PETs
Introduction
As I find myself working more and more within the crossroads of digital strategy, customer experience, marketing, and privacy, the pending regulatory shifts in Australia feel like the perfect moment to share my insights. Celebrating my (not so) recent certification as a Certified Information Privacy Technologist (CIPT), I'm keen to offer my predictions - or at least, my hopes - for the upcoming trends in these fields.
In my article Top 5 Privacy Trends within the Enterprise Business, I covered this and other trends and would suggest it’s a great pre-read before getting into this deep dive.
The rise of loveable PETs
Foundation
No, not cute furry things, but Privacy Enhancing Technologies (PETs). But what are they? PETs comprise a set of tools and methodologies designed to protect individuals' privacy and personal data. They enable the secure handling of information without compromising functionality or user experience, particularly in data-driven applications like machine learning and artificial intelligence.
PETs often operate on fundamental principles that align with internationally recognised privacy standards:
Data Minimisation: Limiting the collection and storage of personal data to what is strictly necessary for a particular function or service.
Anonymisation and Pseudonymisation: Modifying personal data to prevent direct identification of individuals, while still allowing for data analysis.
User Control and Consent: Empowering users with control over their data, including the ability to provide or revoke consent for its use.
Common Methods and Technologies include:
Encryption: Ensuring that data is readable only by authorised parties, using mathematical algorithms.
Differential Privacy: Adding noise to data in a way that provides robust privacy guarantees but still permits useful analysis.
Secure Multi-party Computation (SMPC): Enabling parties to jointly compute a function over their inputs while keeping those inputs private.
Homomorphic Encryption: Allowing computations to be carried out on encrypted data, so results can be obtained without ever exposing the underlying sensitive information.
Zero-Knowledge Proofs: Enabling one party to prove the knowledge of specific information without revealing the information itself.
Key Benefits of PETs include:
Protection of Personal Data: By incorporating privacy safeguards, PETs prevent unauthorised access and misuse of personal information.
Regulatory Compliance: Implementing PETs can help organisations meet legal requirements, thereby avoiding fines and legal challenges.
Enhanced Trust: When customers and users see that their privacy is respected, it builds trust in the organisation and its products or services.
Enabling Innovation: PETs facilitate research and innovation by allowing data sharing and analysis without jeopardising privacy.
Challenges and Considerations. While promising, PETs are not without challenges:
Implementation Complexity: Some technologies can be complex to integrate into existing systems.
Performance Overhead: Privacy protections may introduce computational overhead, potentially affecting system performance.
Balancing Utility and Privacy: Striking the right balance between data utility and privacy protection can be nuanced and context-specific.
Catalysts
Regulatory shifts. Regulations continue to evolve across the globe, making privacy and security teams re-evaluate their organisations' current risk exposure and risk appetite. PETs are able to help minimise privacy risks by removing threat vectors.
Customer expectations. 71% of (APAC) customers say it’s important that brands deliver unified, seamless experiences in every interaction, while at the same time demanding more privacy, transparency, clarity and control over their data. PETs are able to provide capabilities that help deliver on these demands.
Continued rise of AI. Increased press, public concern and regulations around AI have made everyone, from big tech to small business, think about the AI services they develop and/or consume. ‘Ethical AI’ is a new buzzword, but the devil is in the detail of what this means for each organisation that touts it. PETs support more privacy-centric and ‘surprise free’ outcomes of AI.
Strategies
As alluded to above, PETs are tools and methodologies, not necessarily products or services provided by vendors. However, it is increasingly important to partner with those who are building these capabilities into their products and services by default, along with easy, self-service configurations and best practice policy patterns. This is a critical point, considering that approximately 76% of data breaches are due to the “human factor”, which includes misconfiguration of tools. Privacy by design goes a long way in minimising these risks.
Tools such as Universal Consent and Preference Management Platforms (UCMPs) and Customer Data Platforms (CDPs) have received significant attention recently, as they are "on the front line" of signal collection, data processing, and policy enforcement. Enterprise-grade platforms like these also come equipped with many of the strategies and capabilities needed, such as federated data access and differential privacy for data analysis, collaboration, and activation.
Federated data access and differential privacy techniques enable data analysis and machine learning while preserving individual privacy. Differential privacy, for example, introduces noise to data in a controlled manner, making it difficult to identify individuals within a dataset while still unlocking the value of that data. One example is the topic of 'data collaboration', in which two or more organisations partner to gain insights across their customer base, improving services, marketing, and personalisation efforts. Historically, this may have been achieved by organisations sharing personally identifiable—and sometimes sensitive—information via spreadsheets, including names, email addresses, and more. However, the rise of tools such as Data Clean Rooms (DCRs), and/or CDPs with data clean room capabilities leveraging PETs and methods such as differential privacy, including Bloom filters, ensures that individual data points are not directly accessible. This reduces the risk of privacy breaches, allowing organisations to share aggregated insights without exposing raw data, and enabling collaborative analytics, decision-making, and activation of insights or audiences.
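To make the data collaboration idea concrete, here is an added sketch (not from any vendor's product or the original article) of a toy clean room that matches two customer lists on keyed hashes and releases only a Laplace-noised overlap count under a fixed privacy budget. The `CleanRoom` class, the demo key and the customer lists are all constructed for illustration.

```python
import hashlib
import hmac
import random

def pseudonymise(emails, shared_key):
    """Keyed hash (HMAC-SHA256) of each normalised email; raw identifiers stay with their owner."""
    return {
        hmac.new(shared_key, e.strip().lower().encode(), hashlib.sha256).hexdigest()
        for e in emails
    }

class CleanRoom:
    """Hypothetical clean room: holds both parties' tokens, releases only noisy counts."""
    def __init__(self, tokens_a, tokens_b, total_epsilon, seed=None):
        self._a, self._b = set(tokens_a), set(tokens_b)
        self.remaining_epsilon = total_epsilon
        self._rng = random.Random(seed)  # seeded only so the demo is repeatable

    def _laplace(self, scale):
        # Laplace(0, scale) as the difference of two exponential samples.
        # Illustrative sampler: real deployments use a vetted DP library.
        rate = 1.0 / scale
        return self._rng.expovariate(rate) - self._rng.expovariate(rate)

    def overlap_count(self, epsilon):
        """Noisy count of shared customers; every query spends privacy budget."""
        if epsilon <= 0 or epsilon > self.remaining_epsilon:
            raise PermissionError("privacy budget exhausted or invalid epsilon")
        self.remaining_epsilon -= epsilon
        # Sensitivity is 1: one person joining or leaving moves the count by at most 1.
        return len(self._a & self._b) + self._laplace(1.0 / epsilon)

def demo():
    key = b"constructed-demo-key"  # assumption: key agreed between the parties out of band
    insurer = [f"user{i}@example.com" for i in range(0, 600)]        # constructed list
    streamer = [f"USER{i}@example.com " for i in range(400, 1000)]   # constructed list
    room = CleanRoom(pseudonymise(insurer, key), pseudonymise(streamer, key),
                     total_epsilon=1.0, seed=7)
    return room, room.overlap_count(epsilon=0.5)

if __name__ == "__main__":
    room, noisy = demo()
    print(f"noisy overlap: {noisy:.1f}, budget left: {room.remaining_epsilon}")
```

The keyed hash is pseudonymisation only: anyone holding the key can recompute the token for a known email, so the key and the token sets need the same protection as the raw lists.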
Imagine opting in to allow two or more of your favourite brands to collaborate and offer you better experiences across their services. Examples may include:
Your insurer suppressing ads on your favourite streaming service as a perk for being a valued customer.
Your bank helping your utilities surface the right products to support your financial wellbeing.
Your airline collaborating with travel destinations (tourism boards or tour providers) to offer personalised destination experiences.
All of the above could be achieved without sharing any personal information between the organisations, with technology beep bop boop keeping your information safe and private. They wouldn’t need to know who you are—only what you need.
Regardless of the technology, method, or tool that provides them, it is crucial to commit to ongoing learning and adaptation in the rapidly evolving field of PETs. As new technologies emerge and existing ones are refined, staying informed and agile is key to leveraging PETs effectively. This could be accomplished by establishing a dedicated privacy innovation team responsible for exploring and experimenting with emerging PETs, selecting the right strategic partners, and participating in industry forums, workshops, and conferences focused on privacy technology to exchange knowledge and best practices.
Conclusion
By focusing on these strategies, organisations can enhance their use of PETs—not only to comply with privacy regulations, but also to build a competitive edge through superior privacy protection. This proactive approach to privacy and data protection, centred on the thoughtful application of PETs, will be crucial in navigating the future of digital privacy, establishing trust with users, and ultimately achieving better business outcomes.
-
The views expressed are my own.