Guide

Introduction

According to the European Union Agency for Cybersecurity (ENISA), Privacy-Enhancing Technologies (PETs) is a term that covers a broad range of technologies designed to support privacy and data protection. These technologies embody the data protection principles by minimizing the use of personal data, maximizing data security and/or giving data subjects control over their data. Examples of PETs include pseudonymization, multi-party computation, differential privacy and homomorphic encryption. The development and growing popularity of PETs in data processing operations aligns with current discussions around shaping technology according to privacy principles, since new technologies may bring unforeseen risks. At the same time, legislation is being updated to keep pace with these developments; within the EU, the General Data Protection Regulation (GDPR) is the main regulation governing data privacy. Among other obligations, GDPR requires organizations to take (technical) measures that ensure privacy by design and by default as data protection principles. Using PETs helps organizations comply with these principles.

The benefit of using PETs becomes evident when an organization faces challenges in sharing data with another party. Regulations such as GDPR may make such an exchange impossible with traditional approaches, in which the data itself is exchanged. Besides privacy, other confidentiality reasons can prevent data sharing even when legislation does not explicitly prohibit it: other regulations, or organizational interests such as commercial interests or agreements with customers. We therefore do not limit the scope of PETs to personal data only. PETs enable a paradigm in which organizations can leverage the information contained in sensitive data without revealing the sensitive data itself.

So how does one move from theory to practice? Acknowledging that PETs might help you solve a business challenge is only the first step towards applying a specific PET to that challenge. Among the many steps that need to be taken, a crucial one is to understand the business challenge at hand and to investigate which PET can facilitate a solution. Which data is processed? What is the intended result? Which regulations apply? What are the technical constraints? Which PETs could be applicable? How do we balance technical guarantees (PET characteristics) against legal guarantees (formal agreements)? Although PETs are technologies, this is not a discussion among technical people only; it is a conversation between stakeholders with diverse expertise. Just as PETs enable privacy-enhanced solutions for single- and multi-organizational challenges, our work enables a multidisciplinary discussion about PETs in the context of such a business challenge.

The tool we present is a Decision Tree designed to support the choice of a PET in the context of inter-organizational data analysis. It can also be useful when performing a Data Protection Impact Assessment (DPIA).

This document serves as a guide for organizations to use the Decision Tree efficiently and successfully. Its purpose is to facilitate a discussion that involves both technical and legal aspects; note, however, that it is not a legal document, and you should always conduct your own legal assessment before using PETs. The tool itself is available at https://decisiontree.mpc.tno.nl.

The Decision Tree and this document were created by CBS, KNB, Rabobank, TNO and the University of Maastricht (which was involved in an earlier phase) in a use case of Brightlands Techruption. Technical as well as legal and compliance experts from the different organizations actively contributed. Brightlands Techruption helps companies, governmental organizations and knowledge institutes to partner up, so that they can develop innovative solutions through the application of disruptive technologies such as AI, MPC, SSI and blockchain.

Reading guide

The Decision Tree and this document are written for innovation departments with an interest in using PETs to solve their business challenge. In the initial stage, all readers were assumed to have a somewhat technical background; since then we have tried to broaden the scope and terminology to include non-technical readers as well, particularly those with a background in law and regulation.

The intended use of the document, however, relates to complex, multidisciplinary challenges, and it is correspondingly difficult to make the entire document easily readable for everyone. Instead, we believe the best results are obtained when all stakeholders scan this document, read the parts that relate to their own expertise, and bring those parts into the joint discussion.

The document is structured as follows. Section 2 contains guidance on how the Decision Tree should be used. Section 3 describes the overall scope of the Decision Tree and this document. Section 4 contains several relevant legal considerations regarding PETs, focusing primarily on GDPR. Section 5 describes levels of risk mitigation for data sharing when using PETs. Section 6 contains disclaimers and, where needed, explanations of the Decision Tree nodes.

Appendix A gives a summary of the different PETs that are considered here. Appendix B describes different security scenarios when considering PETs. Appendix C describes a non-exhaustive list of