dossier

Tool: explore privacy-enhancing technologies together

28 February 2022 • 4 min reading time

Privacy-enhancing technologies (PETs) offer huge potential for new collaborative data applications. The typical claim is that organizations can benefit from each other’s sensitive data without disclosing that data. However, these PETs tend to be very technical by nature and it is not straightforward to assess their value in the multidisciplinary teams that are necessarily involved in a real-world business challenge. Note that we talk about teams in the plural sense because a lot of potential business-cases involve combining data over multiple organizations. Our PET decision tree is a supporting tool for inspiring and facilitating multidisciplinary teams that are interested in applying PETs to their (common) business challenges.

Privacy-Enhancing Technologies is a term that covers the broader range of technologies that are designed for supporting privacy and data protection. The development and emerging popularity of using PETs in data processing operations aligns with current discussions around the idea of shaping technology according to privacy principles. The practical impact of legislation such as the General Data Protection Regulation (GDPR) on business cases is changing due to PETs and there is increasingly emphasize on principles such as data minimalization and control of data.

The use of PETs can help organizations to comply with such principles to improve current practices, but also enables new collaborative, privacy-friendly data applications. Similarly, PET solutions can enable applications where other confidentiality issues play a role. One such application is to perform a benchmark over multiple competitors based on their competitive data.

You may readily think of challenges in your own business where PETs may offer a solution. So how do you get started with PETs in your business?

The technical nature of PETs makes it tempting to first focus on the technical aspects of a business challenge to choose an appropriate PET and only involve other disciplines once technical feasibility has been proven. Legal and compliancy experts, often unfamiliar with the technology, are effectively put in a position where they can only approve or disapprove of the solution. Instead, we advocate that this process should have a multidisciplinary team effort from the start. IT architects, data privacy officers, legal and compliancy experts are motivated to create a basic (common) understanding of what PETs are and how they relate to their discipline. This puts the experts in a position to participate in the discussions necessary to design a fitting solution to the challenge at hand and identify potential issues in an early stage.

Rob Guikers, Rabobank Techlab: “Technological and legal expertise are becoming more and more intertwined, combining these specialisms from inception is becoming increasingly important within innovative data collaboration opportunities.”

CBS, KNB, Rabobank and TNO collaborated1 2 in a Brightlands Techruption use case to facilitate multidisciplinary teams in their PET explorations. This collaboration resulted in a supporting tool that consists of several parts:

  • Interactive decision tree for identifying discussion points and exploring PET solutions;
  • Questionnaire view of the decision tree that focusses more on a top-down approach;
  • Guide that provides context, supports the decision tree, and maps PETs to the GDPR principles;
  • Checklist that facilitates the description of business challenge.

The main objective of the tool is to facilitate the process of exploring the potential for several PETs (federated learning, multi-party computation, homomorphic encryption, differential privacy) as solution to your business problem. The tool achieves this objective by confronting the user with multidisciplinary topics and questions that need to be discussed already in an early stage of the process. At the same time, the user can explore the impact of the answers to these questions; for example, how the answers lead to a suggested PET solution. The discussions and explorations will benefit by involving the different experts. Although the decision tree always concludes by suggesting a specific PET solution, the real value is in the questions that lead you there.

Complementary to the business problem approach, the guide can also be used as a starting point for getting acquainted with the PETs enclosed and their legal considerations. For instance, it contains a description on how different PETs can contribute to the GDPR data principles. It can offer new insights and inspiration to revisit business cases that have failed in the past due to data sharing complexities.

Ralph Schreijen, IT Solution Architect, CBS: “Addressing legal aspects when considering the usage of PETs is a mandatory, integral part of the decision-making process.”

As mentioned, the real value of this decision tree lies in the fact that we go through it together. Not only with different stakeholders within the boundaries of our own organization, but with all parties that have an incentive to share data for a common goal, in a privacy-friendly manner. We learned that this multidisciplinary collaboration was essential during the creation of the decision tree and associated documents. Collaboration at this level will become increasingly important in the future – especially to gain understanding as quickly as possible for the legal and privacy-specific rules that can differ per organization. Technology will eventually have to support these rules.

Casper van Ginneken, Business Consultant Innovatie, KNB: “Acknowledging legal considerations and policy aspects in a – by origin – technical solution from the beginning helps tremendously to facilitate the discussion between different disciplines.”

We hope that our tool can make organizations more successful in their PET adventures. We are thinking about next steps to bring this even further. For instance, by adding security and ethics perspectives to the guide, and by including other PETs. If you have feedback or see possibilities to bring the tool to the next level, please reach out to us.

The supporting PET tool is publicly available and can be found on https://decisiontree.mpc.tno.nl/. We encourage you to visit, explore and get inspired!

 

[1] Additionally, we received significant technical support from the TNO UCAPET project.

[2] Maastricht University also participated in the first of two use case phases.

dossier

Identifying high-risk factors for diseases while preserving privacy

16 Sep '21 - 8 min
Machine learning algorithms are widely used to improve health care, for example to identify risk factors for diseases. These algorithms require a lot of data, often... Read more
dossier

Secure and private statistics with distributed Paillier

6 Jan '22 - 9 min
In the last ten years, we have seen a staggering rise in the amount of organizations that collect our personal data. Often, the intentions for collecting such data... Read more
dossier

A targeted, yet privacy-friendly approach for battling poverty

16 Sep '21 - 8 min
It is estimated that half of the Dutch retired citizens entitled to AIO provision are not using it. Targeting and encouraging this group to apply for AIO provision... Read more