The NHS and the wider public sector institutions should lead the way in piloting Privacy Enhancing Technologies (PETs) that could help unlock “lifesaving” data without compromising privacy, a new report from the Royal Society says.
Research from the UK’s national academy of science says better use of data could have significant public benefits – from cancer research to reaching net-zero carbon emissions.
The report looks at public sector readiness for PETs and calls for public bodies to “champion these technologies in partnership with small and medium-sized enterprises, and for the UK government to establish a ‘national strategy for the responsible use of PETs’”.
What are privacy-enhancing technologies?
PETs are a suite of technologies that can aid organisations in sharing and using people’s data responsibly, lawfully, and securely, including by minimising the amount of data used, and by encrypting or anonymising sensitive information. Examples of PETs include homomorphic encryption, secure multiparty computation, federated learning, trusted execution environments, zero-knowledge proofs and others.
This enables organisations to develop digital systems which take advantage of available information without endangering privacy. They are already deployed by financial organisations when investigating money laundering, for example, and by the healthcare sector to provide better health outcomes and services to the public, but the Royal Society believes wider adoption could bring big benefits.
A national strategy for PETs is among a number of recommendations in the report. Professor Alison Noble, technikos professor of biomedical engineering at the University of Oxford, and chair of the report working group, said: “PETs are already revolutionising the way data is used, from enabling greater cross-analysis between organisations to fuelling AI in medical diagnostics. But public trust is a fundamental component of responsible data use and can be easily undermined through hasty implementation or poor communication.
“Now is the time to agree standards and best practice for PETs adoption to ensure these technologies are used for the greatest public benefit, without compromising the data rights of individuals. Not only do we need a national PETs strategy, but the public sector should lead by example by trialling and communicating results to the wider public to build trust and demonstrate value for money.
“Our report arrives at a time of rapid innovation in PETs, and we hope that through our recommendations the UK will maximise the opportunity to be a global leader in the field.”
How can privacy-enhancing technologies help the NHS and wider public sector?
Healthcare is a key use case identified by the report. Medical technology advances, coupled with comprehensive electronic patient records in the NHS and a strong academic research base, mean “the UK is well positioned to deliver timely and impactful health research and its translation to offer more effective treatments, track and prevent public health risks, utilising health data to improve and save lives,” the research says.
It claims there is “significant appetite” across the public sector to make better use of national data, to drive innovation, support policy-making and improve services.
For example, PETs could have significant implications for information flow and insights generation – such as combining privacy-enhanced AI with existing medical imaging data to help detect cancer in patients.
But few organisations, particularly in the public sector, are prepared to experiment with new methods of storing, using and sharing sensitive data, it says.
Potential applications for PET adoption could include: biometric data for health research and diagnostics; increasing safe access to social media data and accountability on social media platforms; enhancing privacy in the internet of things and in digital twins; collective intelligence, crime detection and voting in digital governance; PETs in crisis situations and in analysis of humanitarian data.
Professor Jon Crowcroft, Marconi professor of communications systems, University of Cambridge, and researcher at large, at the Alan Turing Institute for AI research, said: “There is an ever-increasing amount of data out there, but responsible practitioners have been loath to rush in recklessly for fear of emulating the privacy-invasive practices unfortunately widespread in some of the tech sector. Until recently, societal benefits of data have been limited by this caution.
“The appropriate use of privacy-enhancing technologies allows more use of data while reducing the risks of breaches of confidentiality. But before any of these technologies can be used safely, the UK government needs to set out clear legal and ethical standards to allow the public sector the confidence to use data to its full potential.”
How to adopt privacy-enhancing technologies
The report recognises that PETs are no “silver bullet” for secure data use, echoing the words of Information Commissioner John Edwards, who cautioned last year that the technology must be used responsibly.
The data watchdog released new guidelines for PETs last September to help organisations in the public and private sector “demonstrate a ‘data protection by design and by default’ approach” to data processing.
In the guidelines, organisations thinking of using PETs are advised to perform a case-by-case assessment, through a data protection impact assessment, to determine if PETs are helpful for their work.
Edwards may welcome the Royal Society’s calls for standards around PETs to be developed, given that he said he was hoping industry would take a leading role in coming up with such schemes.
“It’s not just regulators that need to take action – we need the industry to step up, too,” Edwards said in September. “We want organisations to come to us with codes of conduct and certification schemes, for example, to show their commitment to building services or products that are designed in a privacy-friendly way and that protect people’s data.”