Authors:
- Paul Comerford, Principal Technology Adviser at the ICO
- Sue Anie, Policy Advisor at the RTA
- Ben Moore, Senior Policy Advisor at the RTA
On Thursday 7 November, DSIT’s Responsible Technology Adoption (RTA) Unit and the Information Commissioner’s Office (ICO) published the Privacy Enhancing Technologies (PETs) Cost-Benefit Awareness Tool. This resource is designed to help organisations understand and assess the costs and benefits associated with adopting a variety of PETs. Alongside this resource, we have also published a checklist to help organisations ensure they have considered these factors.
The tool focuses on “emerging PETs”, a group of technologies that provide novel solutions to privacy challenges in modern data-driven systems. Examples of emerging PETs include: homomorphic encryption, trusted execution environments, secure multi-party computation and differential privacy.
PETs can help organisations across a range of sectors unlock more value from data and drive innovation in ways that can protect people’s privacy. However, uptake of these technologies is low, in part due to challenges organisations face when assessing the costs and benefits of adopting technologies which are still reaching full maturity. This tool, the result of a collaboration between DSIT and the ICO, has been developed to support organisations to overcome this challenge.
This work is informed by interviews with industry and academics held through autumn 2023, and builds on an initial blog version published in February this year.
The tool is structured around an example of using a range of PETs for privacy-preserving federated learning, that is, training a machine learning model without centralised data collection or processing while protecting the privacy of data across the system.
As well as being a widely applicable use case, this example offers a helpful framework for considering costs and benefits associated with a range of PETs. We provide guidance to show how the tool can be used to assess costs and benefits of using PETs across a variety of use cases, including:
- Making data available (in varying levels of detail) to external audiences for research
- Carrying out collaborative statistical analysis on data that cannot be shared directly
- Securing data processing activities in digital environments to protect sensitive information from unauthorised access or other data breaches
The tool includes information on compliance costs and benefits, to help illustrate the ways in which using PETs can reduce the risks to individuals and reduce long-term compliance costs.
The tool features both hypothetical examples and references to real world use cases to illustrate the variety of applications for PETs across sectors. A broader collection of real-world use cases is available to read in our Repository of PETs Use Cases. The repository includes examples of different PETs in use, in a number of different sectors.
Next Steps
Organisations considering using PETs should explore the content provided in this document. The RTA and ICO will continue to support organisations in working with data responsibly, including through use of PETs. We welcome feedback from organisations with insights or further ideas to share. You can get in touch at: