The Information Commissioner’s Office (ICO) is recommending organisations to start using privacy enhancing technologies (PETs) to share people’s personal information safely, securely and anonymously.
These types of technologies open unprecedented opportunities for organisations to harness the power of personal data through innovative and trustworthy applications, by allowing them to share, link and analyse people’s personal information without having access to it.
PETs can be used to share anonymised personal information to detect and prevent financial crimes and related harms such as fraud, money laundering, and cybercrimes.
The ICO has launched new PETs guidance, which is aimed at data protection officers and others who are using large personal data sets in finance, healthcare, research, and central and local government.
“If your organisation shares large volumes of data, particularly special category data, we recommend that over the next five years you start considering using PETs.
“PETs enable safe data sharing and allow organisations to make the best use of the personal data they hold, driving innovation.
“My office is committed to supporting UK businesses to develop and innovate with new technologies that respect people’s privacy and this guidance helps them to do that.”
– John Edwards, UK Information Commissioner
PETs can help organisations comply with principles with data protection law by offering a secure environment, building data protection in from the beginning of a project, and minimising the amount of data that needs to be collected and retained.
Mr Edwards is at the G7 roundtable meeting in Tokyo, Japan this week, where G7 data protection and privacy authorities will highlight achievements since the previous roundtable in Bonn, Germany in September 2022, which includes the significant PETs work the ICO has delivered.
The G7 regulators will also be considering data free flow with trust, enforcement cooperation, and other emerging technologies, specifically the recent developments and risks of generative AI technologies from a data protection and privacy perspective.
Mr Edwards said:
“Together with our G7 counterparts, we are focused on facilitating and driving international support for responsible and innovative adoption of PETs, by researching and addressing barriers to adoption with clear guidance and examples of best practice.
“We are also looking ahead at emerging technologies, such as the rapid development and deployment of generative AI technologies, to ensure organisations across the world are innovating in a way that respects people’s information and privacy.”
The ICO has previously supported the UK-US PETs prize challenges, run by the Centre for Data Ethics and Innovation (CDEI), the UK and US governments, to unleash the potential of PETs to tackle global societal challenges in finance and public health. The ICO is continuing to support organisations looking to develop or adopt PETs by collaborating on a PETs cost-benefit analysis tool, in partnership with the CDEI.
Notes to editors
About the G7 2023 Regulator’s Roundtable
Under Japan’s 2023 G7 presidency, the Personal Information Protection Commission (個人情報保護委員会) is convening a G7 data protection and privacy authorities roundtable in Tokyo, Japan on 20-21 June 2023.
The G7 authorities will jointly consider a number of key regulatory and technological driven challenges to data protection and promote effective strategies to maintain high levels of protections for citizens in the context of global digital economy and the requirement for closer cooperation.
The G7 data protection and privacy authorities consist of:
- Office of the Privacy Commissioner (Canada)
- Commission Nationale de l’Informatique et des Libertés (France)
- Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, BfDI (Germany)
- Garante per la Protezione dei Dati Personali (Italy)
- Personal Information Protection Commission, 個人情報保護委員会 (Japan)
- Information Commissioner’s Office (UK)
- Federal Trade Commission (United States of America)
About the Information Commissioner’s Office
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
- The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.