View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Focus
February 23, 2022updated 31 Mar 2023 4:50pm

Why edge computing is a double-edged sword for privacy

Edge computing can help to resolve some of the privacy risks of accumulating personal data, but it can also leave it more exposed.

By Pete Swabey

Computing has oscillated between centralisation and decentralisation since it began. The relative appeal of economies of scale versus personalisation has shifted in response to technological progress and economic conditions. As that suggests, each has its benefits and drawbacks.

So it is with edge computing and privacy. Processing personal information in a distributed fashion, in close proximity to the user, tempers some of the privacy risks that have arisen from the ravenous accumulation of data by corporations – particularly the Big Tech companies – in the past 20 years. But crunching that data on smaller devices, potentially outside the corporate network, could also expose it to interception or loss. “When it comes to privacy, edge computing is both a blessing and a curse,” says Dr James Parrish, assistant professor at the University of North Texas.

Nevertheless, edge computing may prove to be a net-positive for privacy if it catalyses technologies, such as federated learning and homomorphic encryption, that allow organisations to glean insight on their customers without hoarding personal data.

edge computing privacy

Real-time video analysis has been described by researchers as edge computing’s ‘killer app’ (Photo by martinwimmer / iStock)

When edge computing meets personal data

Many commonly discussed edge computing use cases seem impersonal: smart grids, factory floors, robots in fulfilment centres. But in fact, there is reason to believe personal data will accumulate at the edge.

Firstly, industrial applications are not as impersonal as they might seem, explains Dr Blesson Varghese, reader at the University of St Andrew's and principal investigator at Queen's University Belfast's Edge Computing Hub. For example, order picking robots in an e-commerce giant's fulfilment centre – an ideal application of edge computing as they require low-latency data processing to navigate their surroundings – might collect enough data to piece together details of an individual customer's life.

Similarly, researchers have raised privacy concerns about smart grids – another driver for edge computing – as personally identifiable information may be extracted from a household's energy consumption. And the sensitivity of data collected by medical equipment, another commonly cited edge computing use case, need hardly be articulated.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Secondly, edge computing is advancing onto some of our most personal devices. Today, much of the sophisticated data processing that supports smartphone and smart speaker applications takes place in the cloud - the antithesis of edge computing - but these devices are becoming increasingly capable themselves. Since 2020, new models of Amazon's Alexa have housed the company's own AZ1 Neural Edge processor to accelerate voice recognition. Apple's iPhone cameras are now powered by chips that can identify not just faces in general, but those of specific individuals.

Future applications of edge computing are likely to be deeply personal. Autonomous vehicles – should they ever hit the roads – will need ultra-low-latency data processing, explains Varghese, and hence will depend on edge computing in some form. They will also be treasure troves of personal data, tracking their users' whereabouts and in-car behaviour.

Augmented reality, which will require low-latency data processing to support real-time experiences, will be equally intimate. Some AR applications incorporate eye-tracking to understand where the user is looking. In 2019, privacy researchers concluded that eye-tracking data may implicitly contain information about a user’s "biometric identity, gender, age, ethnicity, body weight, personality traits, drug consumption habits, emotional state, skills and abilities, fears, interests, and sexual preferences".

Perhaps most contentiously, edge computing will prove vital for widespread, real-time analysis of faces in CCTV footage. Applications range from identifying individuals deemed to pose a security threat to detecting the mood of crowds. In 2017, researchers at Microsoft described real-time video analysis as edge computing's "killer app".

The privacy pros and cons of edge computing

Thanks to applications such as these, personal data that might otherwise have accumulated in corporate data centres or hyperscale cloud facilities (or not have been collected at all) will instead be processed on personal or IoT devices, on industrial equipment, and in local data centres.

Much of the debate on the privacy implications of edge computing concerns the risk of theft or interception by malicious actors. Here, edge has pros and cons.

On one hand, edge computing presents less of a "gold mine" to cybercriminals, explains Dr Matthew Schneider, assistant professor at Drexel University. "An edge device with one student’s data is less desirable than a cloud database with 1.2 million students’ application records," he says.

But this benefit is tempered by the fact that certain edge devices may be easier for malicious actors to physically access. And given their comparatively limited computing power, they may be less capable of security precautions such as encryption. "The resource constraints of a lot of these edge devices makes securing them and keeping data private much more of a challenge than if you were pushing it to a big [cloud computing facility]," says Parrish.

An edge device with one student’s data is less desirable than a cloud database with 1.2 million students’ application records.
Dr Matthew Schneider, Drexel University

At the same time, Varghese argues that monitoring the security of devices from local edge facilities will prove more effective than attempting to do so from the cloud. "We know that monitoring internet-connected gadgets in a centralised way is not feasible, because monitoring methods don't scale to that extent," he says.

"If you have these more decentralised [edge] zones, where you monitor devices, you probably end up being more effective in ... catching the intent of an attack and locating it early on."

Edge computing and privacy compliance

Edge computing is also, arguably, a double-edged sword when it comes to privacy compliance. Maintaining compliance while using global cloud computing services is made complex by divergent privacy regulations. Indeed, the legality of storing European citizens' personal data in US-based cloud facilities is still ambiguous, following the European Court's Schrems II ruling.

Varghese foresees a use of edge computing in helping companies manage personal data in adherence to local laws. Edge computing "gives us the unique opportunity... to enforce privacy by placing certain localised proxy policies that will not allow certain types of data to leave that legal jurisdiction," he says. Varghese sees glimpses of this in GAIA-X, the EU's federated model of cloud infrastructure that aims to allow national governments to apply local laws to cloud-hosted data.

At the same time, edge computing could further complicate notions of what counts as personal data and who owns it. This is already evident in the case of connected cars, which routinely transmit data back to their manufacturers – originally to aid maintenance but increasingly used to serve targeted advertising too. A survey of European motorists found that just 29% would be happy to share 'their' vehicle data, with most opposing it for privacy reasons. But a study by researchers at Harvard Law School found that this data is “most likely [owned by] the company that made your smart car”.

Cloud computing and privacy regulations have so far been uncomfortable bedfellows, with civil society's notions of privacy sitting ill at ease with the technological complexities of data management in the cloud. Edge computing could prove just as awkward.

Edge AI and data minimisation

An organisation's privacy risk grows with the amount of personal data that it collects. But the growing sophistication of data analysis, including AI, means that the insights that can be drawn from this data are, for many companies, worth the risk.

This explains the growing disconnect between companies and their customers. A recent survey of US business decision-makers by accounting firm KPMG found 70% had increased the collection of personal data in the last year. But the same study found that data privacy is a "growing concern" for 89% of consumers.

Edge computing could help break the link between insight and personal data accumulation by catalysing what Schneider describes as 'data minimisation'. This describes the impetus to collect only as much data as necessary to glean useful insight.

A number of emerging technologies promise to drastically reduce the amount of personal data required to gather insight. One is federated learning, in which machine learning algorithms process data on edge devices, such as smartphones. Rather than aggregating the underlying data, it is the locally trained models that are aggregated in the cloud, explains Varghese.

Other examples include differential privacy techniques such as homomorphic encryption, in which data is encrypted in such a way that it maintains statistical characteristics, so it can be analysed without being decrypted. Another is synthetic data, in which a small collection of data is used to generate a large dataset that has the same characteristics.

All these techniques can be applied to personal data at the edge, allowing companies to accumulate insight, not privacy risk. In this model, the edge of the network serves as a new perimeter, preventing personal data from entering the organisation's core but letting insight through. "We've had the era of big data," says Schneider. "Now we might be going to small, meaningful data."

He points to the example of Zenus AI, a behavioural analytics company that detects the mood of shoppers on CCTV footage. Data processing is conducted on an edge device, with only aggregate statistics being shared with the store operator. No personal data is stored anywhere (Schneider conducted a privacy assessment for Zenus AI).

For a generation of business leaders trained to prize data, this approach would require nothing short of a revolutionary change in mindset. "One problem is that the valuation of a lot of companies is based on the data they own," Schneider explains.

As a result, he does not believe this will be a mainstream strategy. "I think there will be one company out of 10 in each space that positions their brand on privacy," he says.

Nevertheless, Schneider is optimistic that edge computing can have a positive impact on privacy, as long as privacy experts and data ethicists are involved in its development. "You need people that truly understand the privacy process to work as an interface between your data scientists... and your business leaders," he says. "As long as these people can get to the table, I am optimistic about less data being collected using edge devices."

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.