Privacy Enhancing Technologies (PETs)

Privacy-enhancing technologies (PETs) are tools that provide for the protection of individual privacy. To determine if a particular technology is a PET, the 1980 Privacy Guidelines established by the Organisation for Economic Co-operation and Development (OECD) is still considered by many as the most useful standard (i.e., a technology tool is considered a PET if any of its functions qualifies or is consistent with the Guidelines). If these Guidelines sound familiar, it’s because this same document introduced the privacy principles that are still being used in most, if not all, data protection laws around the world.
As far as its modern legal context is concerned, the concept of PETs was supposedly established by the European Union’s 1995 Data Protection Directive before being further taken up under Dutch Data Protection Law . According to these policies, individuals and organizations that process personal data must establish “appropriate technical and organizational measures” that ensure the confidentiality, integrity, and availability thereof and protect them from any unauthorized form of processing.
Today, numerous PETs have already been developed to assist individuals and organizations deal with their different privacy management issues. Deciding on which ones to adopt, or if at all, is not always easy. Some of the things worth considering in making one’s choice include the following:
-
Technology maturity. Knowledge about a PET’s level of maturity allows one to determine if it can address the latest issues affecting privacy and/or data protection. There are currently a number of methodologies out there that can be used for this type of assessment by personal information controllers, personal information processors, and even tech developers. One worth looking into is that used by the European Union Network and Information Security Agency’s (ENISA).
-
Balance between privacy-enhancing capabilities and privacy-invasive features. Like most tools, some PETs may still require personal data in order to function or at least serve their purpose. These tools should have clear privacy policies in place, or must be covered by relevant data processing agreements if they are to be any different from other breakthrough technologies.
- Technology lifespan. Even technologies have endings, or more specifically, a predictable lifecycle. It’s not a matter of if they will end, but rather when or how soon. This is another quality they share with other tools: PETs will also deteriorate faster if not managed properly. In this regard, it may be helpful to look into the profile or background of a PET developer, including its services and other products, in order to assess their record of success in technology development and/or management.
All things considered, one should keep in mind that PETs alone cannot solve most privacy issues. They are only meant to assist when one addresses such concerns. Most of the work involved in privacy management remains in the hands of people. In an organization, that usually means everyone—from top management to the data protection officer, other service units, and all the way to the frontline offices.
Meanwhile, technological advancements will continue, for better or for worse. Along with PETs, privacy-invasive technologies will also be right there in the mix . Most of us will embrace them with open arms, mainly because of the significant convenience they bring into our lives. Of course, one hopes that they are being developed while properly informed of the concerns of their intended users through appropriate consultations. But just in case they’re not (and this is most likely the case), people should be responsible enough to study their options and their impact before actually making a choice—especially one that is at the expense of individual freedoms and other human rights.