In the rapidly evolving landscape of data management and privacy, a key concern for organisations is how they can best safeguard individuals’ information and best adhere to the principals of data protection. The answer to their problems may be via the use of Privacy Enhancing Technologies (PETs). This blog explores how PETs not only facilitate compliance with data protection, but also enhance the security of processing, providing the potential, where used correctly, to be a pivotal asset within your organisation.


What are PETs?


PETs are defined by the European Union Agency for Cybersecurity (ENISA) as software and hardware solutions (systems) that encompass technical processes, methods or knowledge to achieve specific privacy or data protection functionality or to protect against risks of privacy of an individual or a group of natural persons. Some examples include PETs that provide input privacy and reduce the number of parties with access to information you are processing, or PETs that provide output privacy and reduce the risk that people can obtain or infer personal information from the organisation.


Benefits of PETs for your organisation


PETs enable your business to follow the concept of ‘data protection by design’ and can assist in ensuring compliance with data protection principals by providing the following benefits:


  • Reducing the use of personal information to a minimum and ensuring you only process the information you need for your purposes;
  • Maximising the security of the information held, amongst other benefits;
  • Implementing anonymisation and pseudonymisation solutions;
  • Reducing the risk that follows from a personal data breach by ensuring personal information accessed is unintelligible to anyone not authorised to access it; and
  • Providing a mechanism for companies to further analyse personal information (for example by creating the ability to share, link and analyse personal information in a way that gives your organisation valuable insights into data).


Organisations should however note that PETs are not an automatic fix to be used in replacement of standard data protection safeguards. As an organisation, your processing must still be lawful, fair and transparent. Before incorporating PETs into your organisation, you must ensure that your system is sufficiently mature and that you have the requisite expertise and infrastructure to implement it. As per the Information Commissioner’s Office’s guidance, an organisation may want to look into the implementation of a PET at the design phase of a project, particularly where such project is data intensive and involves potentially risky uses of personal information. When implementing a PET, you must consider carefully how your organisation will comply with the data protection principles.


If you would like to learn more about PETs and how they can benefit your organisation, the ICO are hosting a workshop on the subject on the 20 February 2024, the details of which can be found here: Workshop on privacy enhancing technologies | ICO


Additionally, if you would like specific advice on implementing a PET lawfully, or if you would like to hear more about our Data Protection and Privacy services generally, please don’t hesitate to email or call us today on 0113 207 0000.