Privacy Talk with Vivian Zhou, Co-founder at Karlsgate: What are the challenges for privacy-enhancing technology in general?

Kohei Kurihara
Privacy Talk
Published in
6 min readMay 21, 2024

“This interview has been recorded on 6th May 2024 and discusses privacy technology, and data management”

  • How has the privacy perception changed among your industries?
  • What are the challenges for privacy-enhancing technology in general?
  • How has the privacy perception changed among your industries?

Vivian: That is a really good question that I’m looking at our client, our client that primarily comes from two industries, media advertising, and healthcare. You find it very interesting. Because these industries actually represent the opposite ends of a privacy spectrum.

Healthcare has been heavily regulated for decades, while media advertising has faced scrutiny since GDPR, due to its invasive practice. So regardless, we see something in common that privacy has become centered due to the globalization of this modern or new privacy regulation like GDPR, and also the rise of AI.

Why? Because AI needs to consume data, and data fuel AI. So actually, the both the sectors, face similar challenges summarized into two.

One is cross border data sharing. Because this is very interesting, you see that by the end of 2023, 65% of the population worldwide actually is regulated by these modern new privacy regulations.

However, the regulations still vary by country. And also some countries are on the way to change moving to the new regulation. So that means the regulations are always evolving cross different geos.

Think about an organization if they operate globally, how can they come up with a one-fits-all approach to manage those massive data flows in and out. That’s one challenge.

The second, is the compliant data utility. How to understand that? So when I say compliance, it is to always ensure data subject rights throughout the whole data lifecycle. Today, data consent management can solve the challenge is to ensure when you use the data, at that moment you only use the opt-in datasets.

However, consent status can be changed and can be easily changed over time. The consumers can opt-in today and , change their mind to opt out tomorrow or even request to delete their information.

And think about the two industries I just mentioned. They all have a large data sharing ecosystem. When consumers opt out or request delete, those records are already shared in a big ecosystem.

How are you going to manage that? It is Mission-Impossible. So those are very big challenges in both industries. I believe that all other industries are facing similar challenges.

Kohei: That’s a very important shifts of the industry. Of course, the healthcare and the media is the key parts of the majority to share this information for utilities. It’s becoming so popular and important.

And you are providing the solutions for these industry, as we call it a PETs, privacy enhancing technology, and there is some of the technical uniqueness in the industry. Not just only for like MPC or computation power are some of the things we can come up the idea.

So in terms of your service, your research and your innovation, so what is the uniqueness? What is the importance notice of the PETs?

What do you want you to achieve through new technology in the problems of the privacy and data protection industry?

Vivian: You mean our solution?

Kohei: Of course, your solution but your technical resources as well.

Vivian: That’s right. So many of the PETs in general, I think all try to address the privacy and data utility challenges, and to balance out two points. The goal is to really maximize the data value but at the same time to protect the privacy.

So you mentioned fully homomorphic encryptions and all those different approaches. They all just try to solve the problem from different angles using different tech.

(Movie: Homomorphic Encryption Simplified)

So as Karlsgare, we are just one of them, but we particularly focus on the PII protection and also enable secure and compliant individual level data linkage and sharing to tackle the data fragmentation challenge.

Because we believe this is a very critical part for all the key data use cases. Think about data measurement, build the model, or like even the KYC. A lot of those activities have a linking of the PII data.

Every time when you link a PII data, it always means a copy of the PII will be shared from a to b, b to c, then that will lead to the PII proliferation challenge, right?

So it’s pretty common in advertising, we have seen the same thing in healthcare,and financial services. So that is why we decided — okay, let’s just tackle this problem, and build a solution for this.

So think of us, Karlsgare as data pipelines, across the fragmented data and tech ecosystem that operate without PII. That is what we do and We believe decentralization is the key to ending data silos.

Our technology empowers every data controller to really regain control of their data, regardless of their size, tech stack, or technical expertise. That is why we design avery lightweight,accessible and affordable solution.

Our goal is to democratize privacy by design within every data flow, and making data more powerful, accessible and protected. This creates a better word for both organizations and consumers.

Kohei: That sounds amazing. Technology has the potential to be used on the march ball proceeds that will be very important for the industry’s side as well. As the next question, we had some discussions about the future of privacy enhancing technology.

But there are some challenges at this moment. Of course, it’s not just only for technology itself, but also there’s some problems on demand in different industries as well. What do you think are the most important challenges for privacy enhancing technology in general?

  • What are the challenges for privacy-enhancing technology in general?

Vivian: Well, we’ll say adoption is the biggest hurdle for all the PETs. So this stems from several factors. This is also a challenge we’re facing to be honest. So first of all, we find privacy,even though we know it’s important, it’s still kind of like compliance or checkbox for a lot of organizations.

So, they know it’s a hot topic, but some organizations still see that as a compliance issue rather than a strategic imperative. So this leads to a lack of dedicated budget and ownership for utilization or implementation of PETs.

Basically there is no owner of this piece of task. And secondly it is stakeholder alignment. Implementing the PETs often requires collaboration between tech team, business team, security compliance team along with the C-level support.

To become everyone’s focus, make a decision and implement a PET means a lot of education, conversation and engagement with all key stakeholders. It is challenging for a tech company.

And the third one is the technical skills gap. some PETs still require a certain level and technical expertise and experience to implement it.

That actually creates the hurdle and that’s also the reason as I mentioned before, when we designed our technology we wanted to make it really accessible and affordable for organizations.

No matter if it is a small company with one or two IT people they can still do it. We believe that’s the only way we could democratize this new tech and make it accessible to everyone, every organization.

So I would say we are still at an early stage, hopefully we can see more and more companies, especially with rise of AI, focus on the ethical way to use data and maximize the value of data, PETs can become something more important at the C-level,really driving the attention not see PET as a piece of tech.

But consider it as an important strategy to really enable business within the whole organization. So I am still very confident I have seen the change even though there’s some hurdles and challenges in front of us.

Kohei: I think your team is globally talented and global members. They work in different divisions to different areas where even the privacy they have the different regulations in the different law.

So do you think there are any specific different demands in each countries just right you are based in Australia, the EU remember is based in the US, maybe there is a different industry in which different companies are located. Is there any specific difference then between the regions?

To be continued…

Thank you for reading and please contact me if you want to join interview together.

Privacy Talk is the global community with diversified expert, and contact me below Linkedin if we can work together!

--

--