What are privacy-enhancing technologies, and why do they matter?


Published on: 20/08/2024

Technologies that process personal data are increasingly present in our daily lives, from social networks and banking apps to facial recognition systems in residential buildings and smartwatches. Their ease of access and the convenience they bring drive adoption on a large scale, to the point that several public policies now provide for their use.

However, today's massive collection and use of personal data raises serious privacy concerns: detailed profiles built by companies and governments can be used to manipulate behaviour, to discriminate in hiring and selection processes, and even for mass surveillance.

On the other hand, personal data is also valuable to the market and to governments, because it reveals patterns and trends in the behaviour of groups and societies across many domains. With more accurate diagnoses, resources can be invested in products and policies based on informed decisions.

It is in this scenario that Privacy-Enhancing Technologies (PETs) emerge as a path to the responsible use of information. PETs are a set of techniques and approaches that make business and public policy possible by allowing data to be collected, analysed and processed while protecting personal data, the privacy of data subjects and other confidential information.

PET Techniques

With the maturing of personal data protection laws and regulations, together with the market's effort to incorporate Privacy by Design¹ practices, there is an opportunity for personal data to be processed in a more protective way at the technical level. The four categories of PETs identified by the Organisation for Economic Co-operation and Development (OECD)² are discussed below.

Data obfuscation tools

Obfuscation techniques alter personal data so that it can no longer be associated with a person, for example by adding "noise" to the data or by removing its identifiers (as in anonymization). Often the data is processed locally (for example, on the data subject's own phone) and only the obfuscated result is stored in, or accessed from, the cloud.

The main data obfuscation techniques are:

Anonymization

Anonymization consists of removing the personal identifiers from the data, so that once the process is complete the data has irreversibly lost the ability to identify the data subject. No longer being personal data, it falls outside the scope of privacy laws, giving organizations greater flexibility in processing it³. Because of this regulatory advantage anonymization is widely used, even though it is costly. Its main challenge is guaranteeing that it is fully effective in the face of the "mosaic effect": given the large amount of data collected about individuals, even non-personal or anonymized data can, when combined with other data available in a given context, re-identify the data subjects and thus become personal data again. A practical check is whether any record remains unique on attributes an outsider can also observe (postal code, date of birth, gender): if it does, a join with another dataset is enough to re-identify it. Even so, the technique makes it harder to associate the data with the person it refers to, reducing, for example, the risks of storing large databases.

Pseudonymization

This technique is defined in art. 13, §4 of the LGPD as "the processing by means of which data loses the possibility of direct or indirect association with an individual, except through the use of additional information kept separately by the controller in a controlled and secure environment". In other words, the potentially identifying information is separated from a base of otherwise non-personal information; because the two bases can still be joined, the ability to identify the data subjects is preserved. It is therefore a reversible process, whose purpose is to mitigate privacy risks rather than to prevent identification of the individual, as anonymization does, and data protection laws continue to apply. Used when storing personal data, pseudonymization is a PET that reinforces the privacy practices of processing agents.
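As an added example (it is not part of the original article), the following Python code pseudonymizes a constructed set of fictional patient records with a keyed HMAC, in the spirit of LGPD art. 13 §4, and then demonstrates the mosaic effect described under Anonymization: the quasi-identifiers that survive pseudonymization (postal code, birth year, gender) are enough to re-identify the records that are unique on them once joined with a public list, and generalizing those attributes until every record shares them with at least one other (k-anonymity with k ≥ 2) closes that particular gap. The records, the public register and the key are all constructed for the demonstration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed, fictional records of a hypothetical clinic (not real people).
RECORDS = [
    {"name": "Ana Souza",   "cpf": "111.111.111-11", "zip": "01310", "birth_year": 1984, "gender": "F", "diagnosis": "asthma"},
    {"name": "Bruno Lima",  "cpf": "222.222.222-22", "zip": "01311", "birth_year": 1984, "gender": "M", "diagnosis": "diabetes"},
    {"name": "Carla Melo",  "cpf": "333.333.333-33", "zip": "01312", "birth_year": 1990, "gender": "F", "diagnosis": "hypertension"},
    {"name": "Diego Reis",  "cpf": "444.444.444-44", "zip": "01313", "birth_year": 1990, "gender": "M", "diagnosis": "asthma"},
    {"name": "Elisa Rocha", "cpf": "555.555.555-55", "zip": "01319", "birth_year": 1985, "gender": "F", "diagnosis": "migraine"},
]

# Constructed public list an adversary could obtain (think of a leaked voter roll).
PUBLIC_REGISTER = [
    {"name": "Ana Souza",   "zip": "01310", "birth_year": 1984, "gender": "F"},
    {"name": "Carla Melo",  "zip": "01312", "birth_year": 1990, "gender": "F"},
    {"name": "Fabio Nunes", "zip": "02000", "birth_year": 1970, "gender": "M"},
]

DIRECT_IDENTIFIERS = ("name", "cpf")
QUASI_IDENTIFIERS = ("zip", "birth_year", "gender")


def pseudonymize(records, key: bytes):
    """Replace the direct identifiers with a keyed pseudonym (HMAC-SHA256 over the CPF).

    The key is the 'additional information kept separately' of LGPD art. 13 §4: the
    controller holding it can recompute the token for a known CPF and re-link the record;
    anyone without it cannot invert the HMAC. The data therefore remains personal data.
    """
    released = []
    for r in records:
        token = hmac.new(key, r["cpf"].encode(), hashlib.sha256).hexdigest()[:16]
        released.append({"pseudonym": token,
                         **{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}})
    return released


def qi_key(record, qis):
    return tuple(record[q] for q in qis)


def k_anonymity(records, qis):
    """Size of the smallest group of records sharing the same quasi-identifiers (k == 1: unique)."""
    return min(Counter(qi_key(r, qis) for r in records).values())


def reidentify(released, register, qis):
    """Mosaic (linkage) attack: join the release with a public list on the quasi-identifiers.

    Any released record that is unique on those attributes is re-identified, and its
    sensitive attribute (here the diagnosis) is attached to a named person.
    """
    groups = {}
    for r in released:
        groups.setdefault(qi_key(r, qis), []).append(r)
    hits = {}
    for person in register:
        matches = groups.get(qi_key(person, qis), [])
        if len(matches) == 1:
            hits[person["name"]] = matches[0]["diagnosis"]
    return hits


def generalize(record):
    """Coarsen the quasi-identifiers (3-digit postal prefix, birth decade, gender dropped)."""
    g = {k: v for k, v in record.items() if k not in ("zip", "birth_year", "gender")}
    g["zip3"] = record["zip"][:3]
    g["decade"] = record["birth_year"] // 10 * 10
    return g


if __name__ == "__main__":
    key = b"controller-held-key"  # constructed; in practice kept in a separate, access-controlled store
    release = pseudonymize(RECORDS, key)
    print("k-anonymity of release:", k_anonymity(release, QUASI_IDENTIFIERS))
    print("re-identified:", reidentify(release, PUBLIC_REGISTER, QUASI_IDENTIFIERS))
    coarse = [generalize(r) for r in release]
    print("k-anonymity after generalization:", k_anonymity(coarse, ("zip3", "decade")))
    print("re-identified after generalization:",
          reidentify(coarse, [generalize(p) for p in PUBLIC_REGISTER], ("zip3", "decade")))
```

Pseudonymization alone leaves k = 1 and two named people linked to their diagnoses; generalization raises k to 2 and the join finds nothing. Note that generalization trades utility for privacy and that k-anonymity does not protect against an attacker who already knows a group's shared sensitive value, which is one reason the techniques below exist.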

Use of synthetic data

Synthetic data is artificial data generated from statistical models that mimic the characteristics and patterns of real personal data. A sample of real data is selected and, using a chosen technique (such as a generative model), artificial data is produced. The statistical properties of the database are preserved, so that analyses reach the same conclusions, which makes synthetic data useful for training artificial intelligence models, testing software under development or implementing government open data policies, among other uses. Its main problem is the possibility of re-identification: depending on the model used, the artificial data may reproduce real records, for example when a generative model has memorized part of its training sample.

Differential privacy

Differential privacy adds mathematically calibrated noise to the results of queries over a dataset (or, in its local variant, to each record before it is collected), so that the published result is almost the same whether or not any single individual's data was included. The aggregate statistics keep their value for the group, while no individual can be singled out. In public open data policies, for example, the technique reduces the risk of identifying data subjects while keeping the relevant information available. The amount of noise is governed by a privacy parameter (usually called epsilon, the "privacy budget"), and there is an opportunity for the ANPD to regulate how much noise is required before data is published. Apple uses the local variant of the technique to improve its products without processing identifiable personal data⁴.
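The following is an added example (not from the original article) of the simplest differential privacy mechanism, the Laplace mechanism, applied to a counting query over a constructed dataset. It shows the two points the paragraph makes: the noise is added to the aggregate and is calibrated to the query's sensitivity and to epsilon, and the resulting guarantee is that no released answer favours "this person is in the data" over "this person is not" by more than a factor e^epsilon. The dataset, epsilon and seed are constructed for the demonstration.

```python
import math
import random

# Constructed dataset: one entry per person, 1 if the person has the sensitive attribute.
DATASET = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1]


def count_query(data):
    return sum(data)


def laplace_sample(scale, rng):
    """Draw from Laplace(0, scale) by inverting its CDF; u is uniform on (-1/2, 1/2)."""
    u = rng.random() - 0.5
    while u <= -0.5:                      # guard against log(0) on the (practically impossible) boundary
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_count(data, epsilon, rng):
    """Laplace mechanism for a counting query.

    Adding or removing one person changes the count by at most 1 (sensitivity 1), so noise
    drawn from Laplace(0, 1/epsilon) makes the answer epsilon-differentially private. The
    noise is added to the aggregate, not to each record. Every answer released spends
    epsilon of the privacy budget, so repeated queries must be accounted for.
    """
    sensitivity = 1.0
    return count_query(data) + laplace_sample(sensitivity / epsilon, rng)


def laplace_pdf(x, scale):
    return math.exp(-abs(x) / scale) / (2.0 * scale)


def worst_case_likelihood_ratio(true_count, epsilon, outputs):
    """How strongly any observed output favours 'count = c' (person present) over
    'count = c - 1' (person absent). epsilon-DP bounds this ratio by e^epsilon."""
    scale = 1.0 / epsilon
    return max(laplace_pdf(o - true_count, scale) / laplace_pdf(o - (true_count - 1), scale)
               for o in outputs)


def demo(epsilon=0.5, trials=1000, seed=7):
    """Release many noisy answers (here only to look at their distribution) and report the
    true count, the mean of the noisy answers and the worst observed likelihood ratio."""
    rng = random.Random(seed)
    true = count_query(DATASET)
    noisy = [dp_count(DATASET, epsilon, rng) for _ in range(trials)]
    return {
        "true_count": true,
        "noisy_mean": sum(noisy) / trials,
        "worst_ratio": worst_case_likelihood_ratio(true, epsilon, noisy),
        "dp_bound": math.exp(epsilon),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Lowering epsilon widens the Laplace distribution (its scale is 1/epsilon), making individual answers noisier but the bound tighter; the regulatory question the paragraph raises is exactly which epsilon is acceptable for a given publication.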

Zero knowledge proof

Zero-knowledge proofs (ZKPs) are a method based on mathematical protocols and an interaction between two parties: one that holds some information (the prover) and one that wants to verify a statement about it (the verifier). The method lets the verifier confirm that a specific statement is true without the underlying information being revealed. This can reduce the collection of personal data while ensuring a higher quality of the information processed. For example, imagine an e-commerce site that must verify that its customers are of legal age in order to sell alcoholic beverages. With this technique the system can confirm that the customer is an adult without accessing or storing their date of birth: the store receives only a "yes" or "no", and the personal data (the exact age) remains private. The same approach could verify whether a prospective tenant's income is sufficient, without the financial data itself being collected. In short, direct exposure of personal data is avoided, preserving the privacy of data subjects.
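As an added example (not part of the original article), here is the smallest complete zero-knowledge protocol, Schnorr's proof of knowledge of a discrete logarithm, written out as the three messages the two parties exchange. It does not encode an age check; production age or income proofs are range proofs over an attribute that a trusted issuer has committed to, but they follow the same commit, challenge, response structure shown here. The group parameters are deliberately tiny so that the values are readable and are an assumption of the example, not something a real system would use.

```python
import random

# Toy group: safe prime p = 2q + 1, and g = 4 generates the subgroup of prime order q.
# Far too small for real use (a deployment would use a 256-bit elliptic-curve group).
P, Q, G = 2039, 1019, 4


def keygen(rng):
    """Prover's secret x (the information that must stay private) and public value y = g^x."""
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def prover_commit(rng):
    """Message 1 (prover -> verifier): commitment t = g^r for a fresh random r."""
    r = rng.randrange(1, Q)
    return r, pow(G, r, P)


def verifier_challenge(rng):
    """Message 2 (verifier -> prover): random challenge c."""
    return rng.randrange(1, Q)


def prover_respond(x, r, c):
    """Message 3 (prover -> verifier): s = r + c*x mod q. r is random, so s alone hides x."""
    return (r + c * x) % Q


def verifier_check(y, t, c, s):
    """Accept iff g^s == t * y^c, which holds exactly when the prover knew x with y = g^x."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(x, y, rng):
    """One honest execution; the verifier sees only (t, c, s) and a yes/no result."""
    r, t = prover_commit(rng)
    c = verifier_challenge(rng)
    s = prover_respond(x, r, c)
    return verifier_check(y, t, c, s)


def simulate_transcript(y, rng):
    """Zero-knowledge in action: without x, choose c and s first and solve for t = g^s * y^(-c).

    The forged (t, c, s) verifies and has the same distribution as an honest transcript, so a
    verifier (or anyone who reads the transcript later) learns nothing about x from it.
    """
    c = rng.randrange(1, Q)
    s = rng.randrange(0, Q)
    y_inv_c = pow(y, Q - c, P)            # y^(-c), valid because y has order q
    t = (pow(G, s, P) * y_inv_c) % P
    return t, c, s


def demo(seed=2024):
    rng = random.Random(seed)
    x, y = keygen(rng)
    t, c, s = simulate_transcript(y, rng)
    return {
        "honest_accepted": run_protocol(x, y, rng),
        "wrong_secret_accepted": run_protocol((x + 1) % Q, y, rng),
        "simulated_transcript_accepted": verifier_check(y, t, c, s),
    }


if __name__ == "__main__":
    print(demo())
```

A single run lets a cheating prover succeed with probability 1/q, so real protocols use a large q or repeat the exchange, and the interactive challenge is usually replaced by a hash of the commitment (Fiat-Shamir) to obtain a non-interactive proof that the store can verify offline.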

Data encryption tools

Encryption transforms readable information into an encoded form that is unintelligible to anyone who does not hold the decryption key. The information thus becomes useless to anyone not authorized to access it.

Homomorphic encryption

Traditional processing depends on the processing agent having direct access to the data. Homomorphic encryption changes this logic: computations are performed directly on encrypted data and produce encrypted results, which only the key holder can decrypt. The method mitigates privacy risks, although it is far less efficient than computing on plaintext because of its high computational cost and complexity, which still limits its use at scale. With policy incentives for its adoption, it can be a promising solution for protecting personal data.
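An added example (not from the original article) of the idea: the Paillier cryptosystem is additively homomorphic, so an analyst who holds only ciphertexts and the public key can add encrypted salaries together and hand back an encrypted total that only the key holder can read. The primes are constructed toy values chosen so the arithmetic runs instantly; a real key would use two 1024-bit primes, and the salaries are invented.

```python
import math
import random

# Constructed toy primes; a real key uses two ~1024-bit primes so that n is 2048 bits.
P, Q = 10007, 10009


def keygen(p=P, q=Q):
    """Paillier key pair. With g = n + 1 the private value mu is simply lambda^-1 mod n."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow(lam, -1, n)
    return (n, n + 1), (lam, mu)


def encrypt(pk, m, rng=None):
    """c = g^m * r^n mod n^2 with a fresh random r: the same m encrypts differently each time."""
    rng = rng or random.SystemRandom()
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    r = rng.randrange(1, n)
    while math.gcd(r, n) != 1:
        r = rng.randrange(1, n)
    n2 = n * n
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n


def add(pk, c1, c2):
    """Multiplying ciphertexts adds the plaintexts: D(c1 * c2) = m1 + m2."""
    n = pk[0]
    return (c1 * c2) % (n * n)


def mul_const(pk, c, k):
    """Raising a ciphertext to a public constant scales the plaintext: D(c^k) = k * m."""
    n = pk[0]
    return pow(c, k, n * n)


def aggregate(pk, ciphertexts):
    """Analyst side: holds only the public key and ciphertexts, returns the encrypted sum.
    The starting value 1 is the (deterministic) encryption of 0 with r = 1."""
    total = 1
    for c in ciphertexts:
        total = add(pk, total, c)
    return total


def demo(seed=5):
    rng = random.Random(seed)
    pk, sk = keygen()
    salaries = [3500, 4200, 5100, 2800]                  # constructed; encrypted by the data holder
    cts = [encrypt(pk, s, rng) for s in salaries]        # only these reach the analyst
    encrypted_total = aggregate(pk, cts)                 # analyst never decrypts anything
    return {
        "plain_sum": sum(salaries),
        "decrypted_total": decrypt(pk, sk, encrypted_total),
        "decrypted_12x_second": decrypt(pk, sk, mul_const(pk, cts[1], 12)),
    }


if __name__ == "__main__":
    print(demo())
```

Sums must stay below n or they wrap around, and Paillier supports only addition and multiplication by public constants; fully homomorphic schemes that also multiply two ciphertexts are the ones whose cost the paragraph refers to.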

Secure multi-party computation

This technique allows different agents to carry out a joint analysis over a personal database without any of them receiving the data itself: each party's input is split into encrypted or secret-shared pieces, the computation is performed on those pieces, and only the agreed result is revealed. Security risks are reduced accordingly. The technique is already used at scale.

Private set intersection

Private set intersection (PSI) enables two or more parties to discover which elements their databases have in common without revealing the elements that do not match. It can be used to find matches between different databases without violating individuals' privacy, mitigating privacy risks. PSI was used, for example, in contact-tracing applications during the Covid-19 pandemic, so that a phone could notify its owner of proximity to people who had been infected without either side disclosing its full list of contacts.
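As an added example (not from the original article), the code below runs the classic Diffie-Hellman-based PSI protocol between two parties and shows both messages each side sends. It also includes the naive alternative, exchanging plain hashes, to make the point that hashing alone is not private when the items come from a guessable domain. The group is the multiplicative group modulo the Mersenne prime 2^127 - 1, chosen for readability rather than security (a deployment would use a prime-order elliptic-curve group with a proper hash-to-curve); the proximity identifiers and phone numbers are constructed.

```python
import hashlib
import random

# Demo group: integers modulo the Mersenne prime p = 2^127 - 1. Readable, not secure.
P = (1 << 127) - 1


def sha256_hex(item: str) -> str:
    return hashlib.sha256(item.encode()).hexdigest()


def hash_to_group(item: str) -> int:
    h = int.from_bytes(hashlib.sha256(item.encode()).digest(), "big")
    return 2 + h % (P - 3)                # an element in [2, p-2]


def keygen(rng):
    return rng.randrange(2, P - 1)


def blind(items, key):
    """A party's first message: H(x)^k mod p for each of its items. Without k, nobody can
    test a guess for x against these values, unlike a plain hash list."""
    return [pow(hash_to_group(x), key, P) for x in items]


def run_psi(alice_items, bob_items, rng=None):
    """DH-based PSI. Alice learns which of HER items Bob also has; Bob learns only the size
    of Alice's set (and Alice the size of Bob's). Nothing else is revealed to either side."""
    rng = rng or random.SystemRandom()
    a, b = keygen(rng), keygen(rng)
    # Round 1 (Alice -> Bob): H(x)^a for each x in Alice's set.
    alice_blinded = blind(alice_items, a)
    # Round 2 (Bob -> Alice): Alice's values raised to b, kept in order so Alice can map them
    # back to her items, plus Bob's own H(y)^b, shuffled so their order reveals nothing.
    alice_double = [pow(v, b, P) for v in alice_blinded]
    bob_blinded = blind(bob_items, b)
    rng.shuffle(bob_blinded)
    # Alice finishes: raise Bob's values to a. H(y)^(ba) == H(x)^(ab) exactly when x == y.
    bob_double = {pow(v, a, P) for v in bob_blinded}
    return {x for x, v in zip(alice_items, alice_double) if v in bob_double}


def naive_hash_psi_leak(hashed_items, candidate_domain):
    """Why exchanging plain hashes is not PSI: when items come from a small domain (phone
    numbers, dates of birth), the recipient recovers them by hashing every candidate."""
    table = {sha256_hex(c): c for c in candidate_domain}
    return [table[h] for h in hashed_items if h in table]


if __name__ == "__main__":
    # Constructed rolling proximity identifiers: the phone's observations vs. the published
    # identifiers of users who reported an infection.
    phone = ["rpi-7f3a", "rpi-0c21", "rpi-99de", "rpi-4b10"]
    infected = ["rpi-0c21", "rpi-4b10", "rpi-e1e1"]
    print("exposures:", run_psi(phone, infected))
    leaked = naive_hash_psi_leak([sha256_hex("+55 11 9000-0001")],
                                 [f"+55 11 9000-{i:04d}" for i in range(10000)])
    print("recovered from plain hashes:", leaked)
```

The blinded values H(x)^a are useless to Bob because he cannot raise candidate guesses to Alice's secret exponent; that is the property a plain hash list lacks.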

Secure environments (trusted execution environments)

These are isolated regions within a processor, commonly called trusted execution environments or secure enclaves, designed to protect personal data and sensitive code, including the application's own code, while it is in use, keeping it shielded from the rest of the system. Within these environments developers can process data and perform sensitive analyses. Their protection depends on the enclave's identity being verified (remote attestation) before any data is sent to it, and on the code running inside being trustworthy.

Data decentralization tools

Decentralized and distributed analysis aims to process data without gathering it in a single location, that is, without a central server holding the data. For example, to train an artificial intelligence model to recognize faces, the face data may be spread across many phones. Instead of collecting all of it on a central server, the model is trained on each device using only the data present there; what each device's model has learned (its updated parameters) is then sent to the central server, which combines the local learnings into a global model. The personal data itself thus stays on the phones.
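The following added example (not part of the original article) implements the procedure just described, federated averaging, for a deliberately small model so that the data flow is visible: three simulated devices each hold constructed (x, y) pairs that never leave the device; each trains locally and returns only its parameters and sample count, and the server averages those. The model, the learning rate and the data are assumptions of the example.

```python
import random


def make_device_data(n, seed, true_w=2.0, true_b=1.0, noise=0.05):
    """Constructed private data for one device: y = 2x + 1 plus a little noise. It never
    leaves the device in the code below; only trained parameters do."""
    rng = random.Random(seed)
    return [(x, true_w * x + true_b + rng.gauss(0.0, noise))
            for x in (rng.uniform(-1.0, 1.0) for _ in range(n))]


def mse(model, data):
    w, b = model
    return sum((w * x + b - y) ** 2 for x, y in data) / len(data)


def local_train(model, data, lr=0.1, epochs=5):
    """Device side: gradient descent on its own data for the linear model y = w*x + b.
    Returns only the updated parameters and the sample count."""
    w, b = model
    n = len(data)
    for _ in range(epochs):
        residuals = [(w * x + b - y, x) for x, y in data]
        gw = 2.0 / n * sum(r * x for r, x in residuals)
        gb = 2.0 / n * sum(r for r, _ in residuals)
        w, b = w - lr * gw, b - lr * gb
    return (w, b), n


def federated_averaging(devices, rounds=30):
    """Server side (FedAvg): broadcast the global model, collect (parameters, count) from
    each device and average the parameters weighted by count. No (x, y) pair reaches it."""
    global_model = (0.0, 0.0)
    for _ in range(rounds):
        updates = [local_train(global_model, data) for data in devices]
        total = sum(n for _, n in updates)
        global_model = (
            sum(w * n for (w, _), n in updates) / total,
            sum(b * n for (_, b), n in updates) / total,
        )
    return global_model


def demo():
    devices = [make_device_data(20, seed=1), make_device_data(50, seed=2), make_device_data(30, seed=3)]
    pooled = [pair for d in devices for pair in d]   # used only to evaluate the result here
    model = federated_averaging(devices)
    return {"model": model, "initial_mse": mse((0.0, 0.0), pooled), "final_mse": mse(model, pooled)}


if __name__ == "__main__":
    print(demo())
```

Keeping raw data on the device is necessary but not sufficient: the parameter updates themselves can leak information about the training data, which is why federated learning is normally combined with differential privacy on the updates or with secure aggregation of the kind shown under multi-party computation.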

Accountability tools

Accountable Systems

The purpose of these systems is to manage an organization's ability to answer for, and be held responsible for, its actions and decisions regarding the use and sharing of personal data. Such tools should help companies keep their processing activities in line with applicable law, including limiting use of the data to the purpose originally defined. Even so, the OECD notes that these systems have not yet gained scale because of the complexity of implementing them, and they remain at the pilot stage.

Threshold Secret Sharing

This is a cryptographic tool that splits a key (or another secret) into several shares held by different parties, so that the protected information can be accessed only when a predefined number of shares, the threshold, are brought together; no single party holds the whole key. This increases the security of the key and prevents any one entity from having full control over it. Applied to privacy, the tool can impose conditions that must be met before data becomes available to controllers, conditions that could be defined by regulatory authorities. Despite this interesting opportunity, its application has so far been restricted, and it is offered on only some cloud platforms.
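One added example (not from the original article) serves both this paragraph and the earlier one on secure multi-party computation, because both rest on the same primitive: Shamir's threshold secret sharing. The code splits a key among three holders so that any two can reconstruct it, and then uses the fact that shares are linear to let five servers compute the total of three hospitals' case counts while each server sees only shares, never an input. The field prime, the inputs and the key value are constructed for the demonstration.

```python
import random

# Prime field for the shares. It must be larger than any secret and any sum of secrets.
PRIME = (1 << 61) - 1


def make_shares(secret, threshold, n_parties, rng=None):
    """Shamir secret sharing: a random polynomial f of degree threshold-1 with f(0) = secret;
    party i (1..n) receives the share (i, f(i)). Fewer than `threshold` shares are consistent
    with every possible secret, so they reveal nothing about it."""
    rng = rng or random.SystemRandom()
    coeffs = [secret % PRIME] + [rng.randrange(PRIME) for _ in range(threshold - 1)]
    return [(i, sum(c * pow(i, k, PRIME) for k, c in enumerate(coeffs)) % PRIME)
            for i in range(1, n_parties + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 from any `threshold` or more distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def mpc_sum_shares(inputs, threshold, n_parties, rng=None):
    """Secure multi-party sum. Each input holder shares its value among n_parties servers.
    Shamir shares are linear, so each server adds the shares it holds and ends up with a
    share of the SUM without ever having seen an individual input."""
    held = [[] for _ in range(n_parties)]
    for value in inputs:
        for idx, share in enumerate(make_shares(value, threshold, n_parties, rng)):
            held[idx].append(share)
    return [(shares[0][0], sum(y for _, y in shares) % PRIME) for shares in held]


def demo(seed=11):
    """Constructed scenario: three hospitals learn their total case count via five servers
    (any three can open the total, two cannot), and a key is split 2-of-3 among, say, the
    controller, an auditor and the regulator."""
    rng = random.Random(seed)
    inputs = [120, 75, 310]
    sum_shares = mpc_sum_shares(inputs, threshold=3, n_parties=5, rng=rng)
    key_shares = make_shares(0x5EC7E7, threshold=2, n_parties=3, rng=rng)
    return {
        "total_from_3_servers": reconstruct(sum_shares[:3]),
        "total_from_other_3": reconstruct(sum_shares[2:5]),
        "guess_from_2_servers": reconstruct(sum_shares[:2]),
        "key_from_2_of_3": reconstruct([key_shares[0], key_shares[2]]),
    }


if __name__ == "__main__":
    print(demo())
```

Two servers interpolating a line through their two shares get a value unrelated to the total; only a qualifying subset opens it. In practice the reconstruction step is itself the sensitive moment and is done inside the party entitled to the result (or inside a trusted execution environment), and sums must stay below the field prime.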

Personal data management systems

This technique reverses the traditional logic of processing personal data, which is based on collecting and storing large databases in order to analyze them. Instead, control over the storage of the data is transferred to the data subject, who defines how and with whom it is shared and processed. The main regulatory challenge is the division of responsibilities between the data subject and the processing agents for the activities carried out with the data. An example of the technique is the European Union's digital identity wallet⁵.

Conclusion

The use of data collection technologies in so many aspects of our lives fuels an unprecedented demand for information. While such data can be used for innovation and the development of new products and services, the high volume of personal data processed by many actors also raises concerns about its protection and its ethical and responsible use.

Privacy-Enhancing Technologies (PETs) emerge as a response to the challenge of reconciling innovation and privacy in the processing of personal data. By allowing the collection, analysis, and processing of data in a secure and confidential manner, PETs pave the way for a future where technology can be used to benefit society without compromising individuals' privacy. With greater regulatory incentives to invest in technologies that protect privacy, we can reap the benefits of innovation without compromising our fundamental rights.

—————————————————————

¹ The term can be translated as privacy from conception, as used by the Brazilian legislator in the General Personal Data Protection Act (LGPD - Law No. 13,709/2018). The National Data Protection Authority itself has already used the term in a decision regarding the update of the WhatsApp Privacy Policy (Technical Note 49 <https://www.gov.br/anpd/pt-br/documentos-e-publicacoes/nt_49_2022_cfg_anpd_versao_publica.pdf>).

² EMERGING PRIVACY ENHANCING TECHNOLOGIES: CURRENT REGULATORY & POLICY APPROACHES - item 3.1. Categories of privacy-enhancing technologies (PETs)

³ According to Art. 5, III of the LGPD: “anonymized data: data relating to an owner that cannot be identified, considering the use of reasonable technical means available at the time of its treatment;”.

⁴ As stated in its Privacy Policy, available at: https://www.apple.com/br/privacy/control/#:~:text=As%20informa%C3%A7%C3%B5es%20coletadas%20usando%20a,dicas%20de%20pesquisa%20no%20Notas.

⁵ The eIDAS digital wallet was designed to guarantee secure cross-border transactions by identifying and authenticating its holders. For more information, see <https://digital-strategy.ec.europa.eu/en/policies/eidas-regulation>