chinnarach - stock.adobe.com

Royal Society calls on public sector to pilot privacy tech

The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow

Privacy-enhancing technologies (PETs) could help the NHS and other public institutions unlock “life-saving” data without compromising people’s privacy, says the Royal Society.

PET is an umbrella terms that refers to range of technologies and approaches – such as homomorphic encryption and synthetic data – that are designed to maintain an information system’s functionality while minimising the amount of personal data it has access to.

According to the Royal Society, increased PET adoption can benefit a number of applications and use cases, including the use of biometric data for health research and diagnostics; helping to reduce carbon emissions; improving the accountability of social media platforms; ensuring internet of things devices and digital twins have higher privacy standards; and data analysis in crisis or humanitarian situations.

In a report published on 23 January 2023, titled From privacy to partnership, the Royal Society identified healthcare as a key use case, arguing that advances in medical technology (coupled with comprehensive electronic patient records in the NHS and a strong academic research base) mean “the UK is well positioned to deliver timely and impactful health research and its translation to offer more effective treatments, track and prevent public health risks, utilising health data to improve and save lives”.

The Royal Society added that PETs could have significant implications for information flow and insights generation in this context, for example, by combining privacy-enhanced artificial intelligence (AI) and existing medical imaging data to help detect cancer in patients.

However, it said while PETs could help deliver significant public benefits through better data use, their adoption so far had been limited as few organisations, especially in the public sector, were prepared to experiment with new ways of storing, using and sharing sensitive personal data.

Jon Crowcroft, Marconi professor of communications systems at the University of Cambridge, said responsible data practitioners “have been loath to rush in recklessly for fear of emulating the privacy-invasive practices unfortunately widespread in some of the tech sector”, which has ultimately limited the societal benefits of data.

The Royal Society is therefore calling on public bodies to champion these technologies in partnership with small and medium-sized enterprises, as well as for the UK government to establish a national strategy and common standards for responsible PET use.

“Now is the time to agree standards and best practice for PETs adoption to ensure these technologies are used for the greatest public benefit, without compromising the data rights of individuals”
Alison Noble, University of Oxford

This should be accompanied by bursaries and prizes to incentivise and accelerate development of a marketplace for the application of PETs.

“The appropriate use of privacy-enhancing technologies allows more use of data while reducing the risks of breaches of confidentiality,” said Crowcroft. “But before any of these technologies can be used safely, the UK government needs to set out clear legal and ethical standards to allow the public sector the confidence to use data to its full potential.”

Chair of the report’s working group and Technikos professor of biomedical engineering at the University of Oxford, Alison Noble, added although PETs were “already revolutionising the way data is used” – for example, by enabling greater cross-analysis between organisations and fuelling the use of AI in medical diagnostics – public trust in them could be “easily undermined” through hasty implementation or poor communication.

“Now is the time to agree standards and best practice for PETs adoption to ensure these technologies are used for the greatest public benefit, without compromising the data rights of individuals,” she said. “Not only do we need a national PETs strategy, but the public sector should lead by example by trialling and communicating results to the wider public to build trust and demonstrate value for money.”

Barriers to adoption

Looking at current barriers to PET adoption in the public sector, the report said there was a lack of awareness and understanding about their potential use cases and benefits.

“Researchers and analysts are often familiar with traditional privacy techniques (such as anonymisation, pseudonymisation, encryption and data minimisation); for some, it is unclear what PETs can add to these approaches,” it said.

“PETs that enable collaborative analysis include some of the most technically complex and least used to date (such as secure multi-party computation and federated learning). While PETs may be some of the most promising, the risk inherent to using new and poorly understood technologies is a strong disincentive to adoption: few organisations, particularly in the public sector, are prepared to experiment with privacy.”

It added that, without assurance or technical standards, the benefits of PETs will be limited as the cost to organisations of conducting their own cost-benefit analysis of the tech from scratch becomes impractical, meaning the value proposition “remains speculative”.

It further added that, given the foundational governance issues that exist throughout the public sector, such as general data quality and interoperability, unproven technologies such as those that fall under the PET umbrella are effectively deprioritised.

Another significant barrier to wider PET adoption is the role of cryptography, both in terms of the compute power required by energy-intensive approaches like homomorphic encryption, and the fact that cutting-edge expertise on the subject is siloed off in academia.

“This leads to a gap between cryptography expertise and market drivers, such as cost and convenience. As a result, theoretical cryptography ‘risks over-serving the market on security’. Bridging the gap between cryptography talent and entrepreneurs could create viable PETs vendors,” it said.

The Royal Society concluded that while PETs were not a “silver bullet” to data protection problems, they may be able to provide “novel building blocks for constructing responsible data governance systems”.

In June 2022, a series of joint UK-US prize challenges designed to accelerate development and adoption of PETs was launched, with a focus on combating financial crime. The technology developed via these challenges is set to be showcased at US president Joe Biden’s second Summit for Democracy in March 2023.

Speaking at the Global Leaders Innovation Summit at London Tech Week, minister for media, data and digital infrastructure Julia Lopez said PETs could be harnessed to tackle multiple global challenges, from Covid-19 to human trafficking, by enabling insights to be derived from sensitive data while preserving the privacy of the information.

“I’m delighted that the UK and the US are working with regulators on both sides of the Atlantic to help realise the potential of novel PETs to tackle financial crime,” said Lopez. “The UK’s National Data Strategy outlines the promise of PETs in enabling trustworthy data access. PETs have the potential to facilitate new forms of data collaboration to tackle the harms of money laundering, while protecting citizens’ privacy.”

Read more about privacy

Read more on IT governance