A computer server room

ICO publishes guidance on privacy enhancing technologies

The Information Commissioner’s Office (ICO) has published draft guidance on privacy-enhancing technologies (PETs) to help organisations unlock the potential of data by putting a data-protection-by-design approach into practice.

PETs are technologies that can help organisations share and use people’s data responsibly, lawfully and securely, including by minimising the amount of data used and by encrypting or anonymising personal information. They are already used by financial organisations when investigating money laundering, for example, and by the healthcare sector to provide better health outcomes and services to the public.

The draft PETs guidance explains the benefits and different types of PETs currently available, as well as how they can help organisations comply with data protection law. It is part of the ICO’s draft guidance on anonymisation and pseudonymisation, and the ICO is seeking feedback to help refine and improve the final guidance.

By enabling organisations to share and collaboratively analyse sensitive data in a privacy-preserving manner, PETs open up unprecedented opportunities to harness the power of data through innovative and trustworthy applications. The UK and US governments have launched a set of prize challenges to unleash the potential of PETs to tackle combat global societal challenges, supported by the ICO.

John Edwards, UK Information Commissioner, said: 

“Although the use of PETs is in its early stages, it can unlock safe and lawful data sharing where people can enjoy better services and products without trading their privacy rights. In the UK, one example is the NHS building a system for linking patient data across different organisational domains. Today’s draft guidance is part of my office’s strategy for the next three years, where we will be supporting the responsible use and sharing of personal information to drive innovation and economic growth. PETs have the potential to do that, so we look forward to hearing from industry and other stakeholders on how our guidance can help them achieve this.” 

The PETs draft guidance has been alongside the 2022 roundtable of G7 data protection and privacy authorities that took place in Bonn, Germany on 7-8 September, where the ICO presented its work on PETs to its G7 counterparts and encouraged international agreement for the support of responsible and innovative use of PETs.

As part of this, the ICO will call for the development of industry-led governance, such as codes of conduct and certification schemes, to help organisations use PETs responsibly and to help PETs developers and providers to build the technology with data protection and privacy at the forefront.

Edwards said:

“It’s not just regulators that need to take action – we need the industry to step up, too. We want organisations to come to us with codes of conduct and certification schemes, for example, to show their commitment to building services or products that are designed in a privacy-friendly way and that protect people’s data.”