The above chart compares a wide range of privacy-enhancing technologies (PETs). The technologies are first listed and then classified as using either cryptographic or non-cryptographic techniques (or, in the case of Pseudonymisation, both).
The balance of the chart to the right is a “knock-out” analysis of the technologies using a series of evaluation and elimination criteria. In this analysis, once a PET has been eliminated, it is no longer evaluated against subsequent criteria.
The first criterion, in column (1), is protection of data during computation for uses such as analytics, AI and machine learning. This is sometimes called protection in use, in contrast to protection of data at rest and in transit. Encryption is the de facto standard for protecting data at rest and in transit, but it succeeds precisely because it renders data unusable for computation; it therefore does not protect data in use.
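The distinction can be made concrete with a toy sketch (a one-time-pad XOR cipher, purely illustrative; real systems use ciphers such as AES): encrypted data round-trips perfectly at rest, but combining ciphertexts produces nothing useful, so no computation can run on the protected values.

```python
import os

def xor_encrypt(value: int, pad: bytes) -> bytes:
    """Toy one-time-pad encryption of a 4-byte integer (illustration only)."""
    return bytes(a ^ b for a, b in zip(value.to_bytes(4, "big"), pad))

def xor_decrypt(ciphertext: bytes, pad: bytes) -> int:
    return int.from_bytes(bytes(a ^ b for a, b in zip(ciphertext, pad)), "big")

pad1, pad2 = os.urandom(4), os.urandom(4)
c1, c2 = xor_encrypt(25, pad1), xor_encrypt(17, pad2)

# At rest, the data is protected yet fully recoverable with the key.
original = xor_decrypt(c1, pad1)

# In use, the ciphertexts are unusable: combining them does not produce
# the encryption of 25 + 17, so no analytics can run on the protected data.
combined = bytes(a ^ b for a, b in zip(c1, c2))
combined_pad = bytes(a ^ b for a, b in zip(pad1, pad2))
```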
The second criterion, in column (2), considers the ability of the PET to deliver results with detailed, record-level protection. Differential Privacy and cohorts/clusters by definition provide aggregate rather than record-level results and thus fall out at this point.
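The aggregate-only nature of Differential Privacy can be sketched with a minimal Laplace-mechanism count (the dataset, predicate and epsilon value are illustrative): only a noisy total is ever released, never any individual record.

```python
import random

def laplace_noise(scale: float, rng: random.Random) -> float:
    # The difference of two i.i.d. exponentials is Laplace-distributed.
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def dp_count(records, predicate, epsilon: float, rng: random.Random) -> float:
    """Differentially private count: true count plus Laplace(1/epsilon) noise.
    Only the noisy aggregate leaves this function, never the records."""
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1 / epsilon, rng)

rng = random.Random(0)
ages = [23, 35, 41, 29, 52, 61, 38, 27]
noisy = dp_count(ages, lambda a: a >= 40, epsilon=1.0, rng=rng)
```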
The third criterion, in column (3), looks at how well a PET succeeds at delivering effective protection while preserving utility comparable to processing cleartext. Each of the PETs receiving a “No” evaluation suffers from an inability to resolve a fundamental tradeoff between protection and utility: greater protection invariably results in a loss of utility, and preservation of utility results in weaker protection, regardless of whether the approach adds noise, masks or generalizes values, or synthesizes artificial data.
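The tradeoff can be illustrated with a toy generalisation sketch (the ages and bucket sizes are illustrative): widening the buckets means more records share each generalized value (protection up), but each record drifts further from its true value (utility down).

```python
def generalize(age: int, bucket: int) -> int:
    """Replace an age with the lower bound of its bucket (e.g. 37 -> 30)."""
    return (age // bucket) * bucket

ages = [23, 35, 41, 29, 52]

# Average distortion per record grows with bucket width: the protection
# knob and the utility knob are the same knob, turned in opposite directions.
avg_error = {}
for bucket in (5, 10, 20):
    distorted = [generalize(a, bucket) for a in ages]
    avg_error[bucket] = sum(a - d for a, d in zip(ages, distorted)) / len(ages)
```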
The fourth criterion, in column (4), involves the ability of a PET to support AI and machine learning efficiently and effectively. Multi-party computation fails in this regard because of the massive bandwidth required to coordinate calculations among participating nodes. Similarly, homomorphic encryption is not computationally feasible at the time scales and data volumes these analytical techniques require. Future advances in computing power will not close the gap: other PETs benefit from the same advances, leaving these approaches orders of magnitude slower.
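The coordination cost behind multi-party computation can be sketched with toy additive secret sharing (the field modulus and party count are illustrative): every input must be split and shipped to every party, so communication volume grows with both the number of parties and the number of values, which is the bandwidth burden the analysis refers to.

```python
import random

PRIME = 2**61 - 1  # field modulus for the shares (illustrative choice)

def share(secret: int, n_parties: int, rng: random.Random) -> list:
    """Split a secret into n additive shares that sum to it mod PRIME."""
    shares = [rng.randrange(PRIME) for _ in range(n_parties - 1)]
    shares.append((secret - sum(shares)) % PRIME)
    return shares

def reconstruct(shares: list) -> int:
    return sum(shares) % PRIME

rng = random.Random(42)
# One share of each input is sent to each of the 3 parties.
a_shares = share(100, 3, rng)
b_shares = share(250, 3, rng)
# Each party adds its shares locally; the sums reconstruct to a + b.
sum_shares = [(x + y) % PRIME for x, y in zip(a_shares, b_shares)]
```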
The fifth criterion, in column (5), looks at the ability of the remaining options to enable data-sharing and multi-cloud use cases. Confidential Computing via a Trusted Execution Environment (TEE), which has fared well up to this point, drops out here: the TEEs used to achieve confidential computing are by design impenetrable silos, antithetical to data sharing.
At this point, the remaining PETs are GDPR Pseudonymisation and Anonos Data Embassy Variant Twins software, which not coincidentally leverages GDPR Pseudonymisation. Among PETs, only GDPR Pseudonymisation simultaneously:
- Protects data during computation for analytics
- Provides accurate (vs cleartext) record-level results
- Reconciles the trade-off between protection and utility
- Supports AI and machine learning
- Supports data sharing and multi-cloud use cases
The sixth and final criterion, in column (6), involves the ability to deliver scalable digital enforcement of enterprise-level data protection policies and controlled relinking, which knocks out GDPR Pseudonymisation as a PET standing on its own. Anonos Data Embassy Variant Twins succeeds as the remaining PET by combining GDPR Pseudonymisation with other PETs that do not distort data or add noise (e.g., masking, generalisation, tokenisation, and k-anonymity) and by leveraging patented technology to enable:
- The use of different pseudonyms at different times for different purposes (i.e., dynamism);
- Controlled-Relinkability that allows relinking from protected subsets of data to the entire original source data sets under controlled conditions; and
- Digital enforcement of Privacy Policies.
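These three capabilities can be sketched in miniature (a toy HMAC-based design, not Anonos's actual implementation; the key-derivation scheme and authorisation check are assumptions for illustration): deriving a different key per purpose yields a different pseudonym for the same identifier (dynamism), while relinking to the original value is gated by a controlled authorisation decision.

```python
import hashlib
import hmac

class Pseudonymiser:
    """Toy sketch of dynamic pseudonyms with controller-held relinking."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._relink_table = {}  # pseudonym -> original identifier

    def pseudonym(self, identifier: str, purpose: str) -> str:
        # A different purpose (or time epoch) derives a different key, so the
        # same identifier maps to a different pseudonym: "dynamism".
        key = hmac.new(self._master_key, purpose.encode(), hashlib.sha256).digest()
        p = hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]
        self._relink_table[p] = identifier
        return p

    def relink(self, pseudonym: str, authorised: bool) -> str:
        # Controlled relinkability: the mapping back to source data is only
        # released under controlled conditions (here, a simple flag).
        if not authorised:
            raise PermissionError("relinking not permitted for this request")
        return self._relink_table[pseudonym]
```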