Shaping the Future of Data Sharing: The Role of Privacy Enhancing Technologies

Kush Kanwar
Silence Laboratories
8 min read · Apr 2, 2024

In an era where data breaches are rising and privacy is a key concern for the general public, protecting sensitive data is a crucial requirement. Not just a compliance requirement but a fundamental human right, privacy needs to be looked at as a design choice rather than a checklist item.

The goal of this blog series is to explore the field of Privacy Enhancing Technologies, or PETs, with a special emphasis on Multi-Party Computation (MPC), a long overdue but revolutionary method of secure processing of sensitive data. This article gives an overview of the different lenses that can be used to study collaboration and privacy of customer data, namely regulatory, technical, and business outcomes, and touches upon key privacy-related aspects which will be discussed further in depth in the upcoming blogs.

A. Navigating the regulatory landscape

Increasing emphasis on personalized customer experience as a means for achieving competitive advantage comes at a tradeoff with data privacy. In an effort to mitigate this, countries across the globe have shown a growing interest in establishing regulations that help create certain standards for data protection.

Currently, at least 80% of the countries in the world have some sort of legislation implemented, or drafted, for data protection and privacy[1]. Some of the prominent ones that have been implemented in the recent past include the General Data Protection Regulation (GDPR) in Europe (2018), the California Consumer Privacy Act (CCPA) in the US (2020), Personal Information Protection Law (PIPL) in China (2021), and Digital Personal Data Protection Act (DPDP) in India (2023).

Source: UNCTAD[1]

Regulating authorities worldwide have recognized the urgent need for privacy, as evidenced by the emergence of such laws. From the data fiduciaries’ perspective, some prominent themes that emerge from most of these regulations are listed below:

1. A data fiduciary is responsible for protecting users’ data and would be held accountable in case of any incidents of breach or non-compliance

DPDP, India: “Chapter II. 8. (5). A Data Fiduciary shall protect personal data in its possession or under its control……by taking reasonable security safeguards to prevent personal data breach” [2]

2. Data fiduciaries are required to take reasonable technical and organizational security measures to protect customers’ personal information

GDPR, EU: “…the controller shall……implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles” [3]

PDPA, Singapore: “An organisation must protect personal data in its possession or under its control by making reasonable security arrangements….” [4]

In essence, data fiduciaries/processors are accountable for protecting the privacy of customer financial data, are required to take stringent security measures for the same, and could be fined with heavy penalties in case of non-compliance or breach incidents. With these regulations evolving rapidly and rising data breaches, the topic of privacy more often than not becomes a pain point for these organizations.

In light of these challenges, government bodies have begun recommending Privacy Enhancing Technologies (PETs) as a means for data collaboration and privacy. Recent publications include the guide[5] from the Information Commissioner’s Office (ICO), UK, on using PETs and how they can help with data protection regulations; the Hong Kong Monetary Authority (HKMA) recommendation to use PETs for data collaboration use cases[6] such as alternative data credit scoring; and the UN Guide on PETs[7].

Some of these resources discuss how PETs can help organizations meet key principles mentioned in these legislations, such as data limitation, minimisation, data completeness, accuracy, consistency, and data erasure, encryption and anonymisation. In our upcoming blogs, we will take a deeper dive into these principles and the manner in which PETs assist in adhering to them.

Later, we will briefly touch upon the PETs that have been recommended as a solution to these data privacy problems.

B. Unlocking the true potential of data

Even having met the regulatory requirements mentioned earlier, businesses are currently unable to foresee the outcomes and benefits they could expect if the true value of data via collaboration could be properly and securely harnessed. A complacent mindset of just meeting the bare minimum for compliance causes businesses to lose out on the value held by data they do not possess.

A report by McKinsey[8] suggests that the economic impact of open data ecosystems could range from about 1 to 1.5 percent of GDP in 2030 in the European Union, the United Kingdom, and the United States, to as much as 4 to 5 percent in India.

For businesses, this could translate to better accomplishment of their vision for the customers. Some studies below in the financial services sector showcase how organisations leveraging data via collaboration improved their business outcomes:

  • Recent research by the Monetary and Economic Department of the Bank for International Settlements found that, after the introduction of CCPA, loan applications to FinTechs increased by 14.6%, increasing FinTechs’ market share by 3 percentage points; the privacy protection offered by CCPA made applicants more willing to share data, thereby improving the FinTechs’ screening process[9]
  • A study by Experian analysed the impact of incorporating energy-utility data in evaluating a customer’s creditworthiness, and concluded that there was a significant improvement in credit file thickness, risk segmentation, and credit scores, with 77% of the population witnessing an increase in score[10]
  • Further research by the National Bureau of Economic Research on Upstart Network Inc., which operates in the personal loan space, shows that complementing traditional credit report variables with alternative information sources such as education and employment history would lead to better prediction of default rates and broader access to credit for those with thin short histories[11]

As the saying goes, a company’s models and the insights they generate are only as good as the input data. The better the data, the richer the outcomes. Therefore, to yield better outcomes, it is paramount that organisations collaborate and share information with each other while respecting customer privacy.

C. Emergence of Privacy Enhancing Technologies (PETs)

While data at rest and during transit has been adequately protected by proper encryption standards, data in use exposes the information to the processing party, and remains a vulnerable aspect in the data journey. As a result, PETs have emerged as a promising path to counter such exposure, and pave the way for the future of data privacy. As the name suggests, Privacy Enhancing Technologies preserve the privacy of customer data while processing, without compromising on data’s usability. These technologies are based on advanced cryptographic and statistical techniques, which were earlier infeasible due to limited processing capabilities. With the advent of modern computing power, these once-infeasible methods are now not only possible but are revolutionising our approach to data security and analysis.

The need for privacy and collaboration has been driving the market for Privacy Enhancing Technologies, which currently stands at $2.4B and is expected to grow at a CAGR of 26.6% over the next 10 years, reaching a value of $25.8B[12]. Adoption is driven mainly by the US and UK geographies, and by the BFSI, IT, and Telecom industries.

Source: FMI [12], Gartner [13]

As we proceed with the series, we will discuss some of these techniques in the context of privacy during data processing and regulatory compliance. Below, we highlight some prominent PETs and the challenges they seek to address:

1. Confidential Computing:

  • Confidential Computing uses a hardware-based, secure and isolated enclave (known as a Trusted Execution Environment, or TEE) to execute and process computations
  • A physically isolated computation environment prevents any unauthorized access to the decrypted data, thereby allowing the processing of sensitive information

2. Multi-Party Computation (MPC):

  • Allows joint computation of some function between a set of parties without having anyone learn anything about the inputs shared by other participants
  • MPC allows for collaboration and distributed computation of data from different sources, where the input parties were unable to share their data with others due to competition or regulations, but wished to get aggregate insights from the data
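To make the MPC idea above concrete, here is an added example (not code from Silence Laboratories or from the original post) of the simplest such protocol: a joint sum computed with additive secret sharing, simulated in one process. The modulus `P`, the function names and the lender figures are assumptions chosen for illustration; the protocol assumes honest-but-curious parties and a true total smaller than `P`.

```python
import secrets

# Field modulus (assumption): a Mersenne prime far larger than any realistic sum.
P = 2**61 - 1

def share(value, n):
    """Split `value` into n additive shares that sum to value mod P."""
    if not 0 <= value < P:
        raise ValueError("input must lie in [0, P)")
    # n-1 shares are uniformly random; the last one fixes the sum.
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def reconstruct(shares):
    """Recombine additive shares into the shared value."""
    return sum(shares) % P

def secure_sum(private_inputs):
    """Simulate additive-sharing MPC for a sum among len(private_inputs) parties.

    Returns (total, views), where views[j] is every share party j received.
    """
    n = len(private_inputs)
    if n < 2:
        raise ValueError("need at least two parties")
    # Step 1: party i splits its input; share j is sent privately to party j.
    outgoing = [share(x, n) for x in private_inputs]
    # Step 2: party j sees only column j, i.e. one share from every party.
    views = [[outgoing[i][j] for i in range(n)] for j in range(n)]
    # Step 3: each party publishes only the sum of the shares it holds.
    partial_sums = [sum(view) % P for view in views]
    # Step 4: the published partial sums add up to the joint total.
    return reconstruct(partial_sums), views

if __name__ == "__main__":
    # Constructed sample data: three lenders' exposure to the same borrower.
    exposures = [12_500, 40_000, 7_250]
    total, views = secure_sum(exposures)
    print("joint total:", total)
    print("what lender 0 received:", views[0])
```

Each share a party receives is uniformly random on its own, so no single view reveals another party's input; note that the total itself still leaks information, and with only two parties each can subtract its own input to learn the other's.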

We will discuss more technologies, such as homomorphic encryption and zero-knowledge proofs, in greater depth in the blogs to come, and suggest how these techniques could not only augment the current practices but also complement each other to provide a holistic, comprehensive, and foolproof privacy solution. We at Silence Laboratories are building libraries for distributed computation based on Multi-Party Computation, and augmenting them with a secure enclave setup for each computing node for an extra degree of security.

These technologies would be useful in situations requiring collaboration, and in areas where sensitive information, such as PII and health and financial data, is involved. The use cases could span industries such as finance, healthcare, telecom, etc., including fraud detection and monitoring, open banking and open finance, medical research, decentralized authentication, and many more.

Conclusion

The preceding sections discuss the wealth of information that data holds, which positively impacts an organization’s performance, and the stringent regulatory requirements for proper data handling and processing practices to protect customer privacy. The intersection of the two encourages the urgent need for Privacy Enhancing Technologies. We will discuss the exact role PETs would play in empowering organizations to get a competitive edge via privacy by design. In the next blog, we will discuss our thoughts on consent as a misconceived proxy for data privacy during collaboration.

Stay tuned for more insights in this series. Get in touch with us for any solutions catered to your privacy requirements if you’re looking to adopt MPC or other PETs in your company.

About Silence Laboratories

Silence Laboratories is a deep-tech cryptography powerhouse founded by Ph.D. alumni from MIT, USA, and SUTD/NUS, Singapore. We strive to be a de facto MPC product suite, offering developer-focused SDKs and libraries for distributed & privacy-preserving computation, and authorization protocols. Our innovative solutions empower businesses to secure their data and embed zero-trust authentication and authorization products, with cutting-edge cryptographic techniques.

References

  1. https://unctad.org/page/data-protection-and-privacy-legislation-worldwide#:~:text=137%20out%20of%20194%20countries,in%20only%2048%20per%20cent.
  2. https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf
  3. https://gdpr-info.eu/art-25-gdpr/
  4. https://sso.agc.gov.sg/Act/PDPA2012?ProvIds=P16-#P16-
  5. https://ico.org.uk/media/for-organisations/uk-gdpr-guidance-and-resources/data-sharing/privacy-enhancing-technologies-1-0.pdf
  6. https://www.hkma.gov.hk/media/eng/doc/key-functions/financial-infrastructure/alternative_credit_scoring.pdf
  7. https://unstats.un.org/bigdata/task-teams/privacy/guide/2023_UN%20PET%20Guide.pdf
  8. https://www.mckinsey.com/industries/financial-services/our-insights/financial-data-unbound-the-value-of-open-data-for-individuals-and-institutions
  9. https://www.bis.org/publ/work1103.htm
  10. https://www.experian.com/assets/consumer-information/white-papers/cis-energy-utilities-tl.pdf
  11. https://www.nber.org/system/files/working_papers/w29840/w29840.pdf
  12. https://www.futuremarketinsights.com/reports/privacy-enhancing-technology-market
  13. https://www.gartner.com/en/newsroom/press-releases/2022-05-31-gartner-identifies-top-five-trends-in-privacy-through-2024
