Data is extremely valuable in our modern economy, and there is tremendous value in data sharing, both locally and globally. Sharing medical data allows for the development of more effective cancer treatments by letting researchers share information to look for telltale patterns in large data that may be hard to see in small datasets. Sharing of financial records allows law enforcement to protect nations’ citizens from terrorism, fraud, and drug crimes by identifying which individuals are exhibiting indicators of dangerous behavior.
Although data sharing is tremendously valuable for the insights and knowledge that might be derived from shared data, sharing data also brings risks. Medical data and financial transaction data is incredibly private and shouldn’t be widely shared as it can be easily leaked, to the detriment of the specific individuals the data is derived from.
To balance the value from sharing data against the absolute need to protect data and protect privacy, technological solutions such as privacy enhancing technologies (PETs) provide the best of both worlds. PETs are critical collaboration tools for highly valuable data in general – and for the growth of the modern international economy in particular.
However, the use of privacy enhancing technologies needs to be standardized and regulated by government entities, if only to make sure that the technology solutions meet minimum standards for citizens’ privacy. Unfortunately, there are no universal legal regulations for privacy, and thus individual governments are left to negotiate how their citizens’ data could be stored, transferred, and used – both on a local and a global level. As of this writing, 137 out of 194 countries have put in place legislation to secure the protection of data and privacy – and each of those are different.
There is a long history of attempts for US-EU joint regulations of data privacy protections that span the various state and federal US protections and the EU and national European protections, such as the General Data Protection Regulation (GDPR).The EU has generally been highly protective of their citizens’ data, thus driving improvements between trans-Atlantic data sharing and privacy agreements. The Privacy Shield Framework was put in place to provide for data sharing, but it was invalidated due to Schrems II.
On March 25, 2022, the US and EU announced that a new trans-atlantic data transfer pact called the Trans-Atlantic Data Privacy Framework had been agreed to, replacing the Privacy Shield. In short, the US and EU have agreed to enhance the Privacy Shield Framework to enable transatlantic data flows – with appropriate privacy and security protections.
In practical terms, the new agreement includes:
In this context, some of the standardization issues can be addressed with Privacy Enhancing Technologies. PETs can and do provide a secure mechanism for data sharing by enabling institutions to share encrypted insights, instead of directly sharing personal data. In turn, this attains an ethical balance between information sharing and privacy protection – similar to the professed goal of the Trans-Atlantic Data Privacy Framework itself.
Duality Technologies, with our software products that enable privacy software solutions for international data collaborations on sensitive data, is proud to address this large and growing need.