Privacy technologies can allow information to be transferred without disclosing data. Image: Envato Elements
Few would dispute that the current moment in history marks an era when it comes to the uses of digital data in people’s daily lives. Data underpins our existence in ways that not long ago were considered science fiction. Yet, amid all the convenience afforded by the digital assistance we receive through new tools and technologies, has privacy inevitably become collateral damage?
Tech giant Apple updated the iOS 14 operating system last year to allow users to opt out of sharing their data with advertisers on third-party platforms such as Facebook. The effect was immediate. According to Forbes, the move was tied to a potential loss of US$10 billion in ad sales by Facebook owner Meta, or nearly 8% of the company’s annual revenue.
The Apple case demonstrates that as data privacy practices and regulations evolve, companies and agencies will also need to change their strategies. They will have to get insights from the data without sharing the actual data involved. One of the ways they can do this is by adopting privacy protection technologies (PET) – cryptographic tools that allow data providers to share data for analysis in a modified form. and extract information from multiple data sources without disclosing private data.
As GovInsider reported, interagency data sharing can support health efforts and other government-wide projects.
In Estonia, as early as 2015, the country’s education and tax authorities used a PET known as Secure Multiparty Computing to compare datasets to determine if student participation in learning was related to enrollment rates. abandonment. No actual data has been disclosed to either authority.
The governments of Singapore and Estonia have recently taken steps to encourage the adoption of these technologies in the public and private sectors. Both countries are looking to harness the promise of data transfers to drive growth and greater convenience while maintaining high standards of data security in line with regulations, initiatives that necessarily involve PETs.
Singapore’s media and communications regulator, the Infocomm Media Authority (IMDA), and its data regulator, the Personal Data Protection Commission (PDPC), launched the country’s first PET sandbox in July.
The sandbox is an experimental environment in which companies can work with PET suppliers on pilot projects. It aims to reduce the risks of traditional data sharing, open up opportunities for cross-enterprise data collaboration, and unlock more data for use in training artificial intelligence platforms.
PDPC Deputy Commissioner Yeong Zee Kin told GovInsider, “PETs can support the essential elements of a digital economy, namely the seamless transfer of data and the use of data to support innovation.”
By implementing their pilot programs, which will be supported by grants, companies can improve their understanding of which PETs to use to achieve their goals, understand their technical constraints and better understand regulatory compliance requirements.
A travel agency and a telecommunications company, for example, could use secure multiparty computing to understand customers’ travel preferences without disclosing sensitive data, according to IMDA.
Yeong said the PDPC, alongside IMDA, will partner with sandbox participants throughout the life of the program “to identify the real-world regulatory and technical limitations of PETs and provide greater assurance.” companies to innovate with PET while protecting consumer data”. He said this would help the PDPC better understand what regulatory guidance might be helpful in charting the way forward.
Regarding the future of cross-border data collaboration, Yeong said PETs would not be a panacea, as some cases might still require data sharing, rather than just information. However, he said PETs will remain “an additional tool in the toolbox that regulators and compliance officers can use.”
In an initiative known as the Global Artificial Intelligence Partnership, IMDA and the Montreal International Center of Expertise for the Advancement of Artificial Intelligence are collaborating on a project to demonstrate how TEP can activate AI systems in several jurisdictions related to these issues. than climate action and health. PETs can be a key way to overcome data barriers between commercial and government entities.
Singapore has also launched a digital trust center at Nanyang Technological University to further research into PETs and other trust technologies.
“Siri” from Estonia
The same week that the IMDA made its announcement, the Estonian authorities launched a tender for data professionals, both local and international, to develop and expand the use of PETs in the ” Siri of the country’s digital public services – a system named Bürokratt, which aims to provide citizens with voice-activated public services.
Ott Velsberg, Estonia’s chief digital officer, told GovInsider that the country plans to develop a government action plan on the use of PETs so that agencies can securely provide other agencies with access to sensitive data sets based on consent.
Velsberg said the Estonian government’s information systems are decentralized, with each agency maintaining its own data sets. Estonian data regulations state that data may only be transferred between registries for the reasons stipulated in the law, and any further use would require changes to these rules.
He said that by using PETs such as homomorphic encryption — a form of data encryption that still allows for analysis — agencies can transfer information and collaborate on projects without processing people’s information at all. He also said that PETs such as federated learning — a machine learning technique that trains algorithms on multiple decentralized repositories of sample data without exchanging them — can help agencies process data in their own systems and feed this information to develop centralized AI models.
Velsberg said that last December Estonia conducted pilot projects that generated synthetic data based on real data. Synthetic data retains the overall characteristics of a dataset, but does not include any specific information about individuals. This could open another avenue to take full advantage of government-held data.
Consent-Based Data Sharing
Estonia’s pilots run alongside efforts to give individuals more control over their data and give them quick access to third-party services, which have been informed by the understanding that for the government to provide services people, robust consent services were needed.
“We have to respect different spheres of privacy, but at the same time we want to make the most of the data,” Velsberg told GovInsider.
Early last year, the Estonian Information System Authority rolled out a digital consent service that allowed individuals to authorize the state to share personal data with an external service provider. The service currently offers people the choice of sharing credit data from the country’s Tax and Customs Board with digital lender Inbank. The bank can use the data to quickly decide if a person can repay a loan in installments, saving people the hassle of filling out numerous forms to apply for a loan.
Velsberg said the service gives people the ability to get comparative deals, giving them more choices, and even lowers loan interest rates. He said people also have access to a data tracker that gives them insight into what data is being collected on them, who is using that data and for what purpose.
He said more than 15,000 people had already used the service for loans and in the future it could be expanded to facilitate consent-based health data sharing so that private sector entities could offer more personalized health care.
Velsberg said that PETs could in the future help Estonia foster data sharing between government and business by allowing companies to access only encrypted data or even synthetic data.
Earlier this year, a Harvard Business Review report said that the data economy could soon be organized around obtaining insights from consented data, and that sharing that insight would drive the innovation, creating a secure data regime that simultaneously offers increased levels of convenience. . As the trial programs undertaken by Singapore and Estonia show, government agencies and regulators are taking action with PETs to shape the future of such a data regime.