The world of technology and regulation is fast-moving and ever-evolving. Multiple stakeholders impact specific regulations and how they are enforced, even within a single jurisdiction or industry. This leads to challenges we hear about repeatedly from the public and private sectors alike, largely falling into a few categories:
For these reasons, Duality regularly engages with regulators, legislators, and supervised entities to identify and clarify mutual challenges and blockers, as well as how cutting-edge technologies can support compliance requirements while driving business value. A great example of this is a recent engagement initiated by the ICO, the UK’s privacy regulator, which published a public call for views on anonymization, pseudonymization, and privacy enhancing technologies. Not only did Duality submit a response, but we co-developed a case study with the ICO to demonstrate how privacy technologies can be implemented to support GDPR- designed exactly to address the points above.
The ICO is a leader in the wave of regulatory, judicial, and legal action on privacy, AI, collaboration, and how data is used. Some additional examples are:
The truth is that collaboration and data privacy have been the direction of travel for years. Interestingly, the Covid pandemic helped bring this intersection of privacy and collaboration to the forefront, and even further accelerate it. The Pandemic made it glaringly and painfully obvious how more agile collaboration across health agencies and jurisdictions could have produced a different outcome, but also made the practical challenges around this clear, given the sensitivity of healthcare data.
To further hammer home the point, we can look outside of healthcare to a very different world – the criminal one. The fact is that money launderers, fraudsters, and other criminals exploit gaps in collaboration across financial institutions and jurisdictions to perpetrate their crimes. Financial institutions and law enforcement are fighting with one hand tied behind their backs because privacy laws, which are justifiably there to protect the law-abiding public, also have a negative impact in terms of restricting how financial crime fighters can work together by sometimes offering a shield for criminals as well.
It is because of this impasse – the need to analyze sensitive data collaboratively, and the need to protect privacy, security, and intellectual property – that an intersection between this wave of legal changes and technology emerges. There are now technologies available, called “privacy enhancing technologies”, that enable collaboration while complying with data privacy and security obligations (and indeed do so in accordance with the EU Court’s latest decision, which correctly explains that the same data may be pseudonymized to one party and anonymized to another, which has impacts to what type of data can be processed and by whom). These technologies are at the point of maturity that they are ready for production use, understood by regulators, and are, in fact, offering benefits today. Some examples are below:
The bottom line is that today, it’s not enough to simply rely on governance and controls to enable compliance. The world of data, and the value of it, is growing. The way we use data is changing every day (who could have imagined tools like Chat-GPT just last year, and the implications to data privacy and “collaborative AI”?). Regulations are trying to keep up. This means mature organizations aren’t simply responding, but are being proactive – preparing for new methods to analyze data and new ways to protect it – to future-proof their compliance function and their business. Technology has always been a business enabler, and the point is made even finer now – what good is your data, and what good are your models, if you can’t access it while still ensuring compliance? What good is having a business ecosystem of partners and suppliers if you can’t seamlessly share insights without fearing fines? This is exactly where privacy enhancing technologies fit in, and why any mature and responsible organization should be evaluating them immediately. And if you don’t believe us, maybe take it from the UK’s Information Commissioner, who “is recommending organisations to start using PETs to share people’s personal information safely, securely and anonymously [because…] PETs enable safe data sharing and allow organisations to make the best use of the personal data they hold, driving innovation.”
Join our webinar on Jul 26th to hear directly from data privacy, security, and regulation experts and the challenges and opportunities they see in fields such as life sciences and financial crimes.
Helpful information? Follow us on Linkedin.