By Jonathan Rouach and Ruben Arnold, Co-Founders, QEDIT
Most of us lock our doors and close our curtains at night. We are aware of the physical threats to our privacy and security, and take great measures to protect them. If we think of our digital privacy as a house however, we are far less diligent. In many ways, we’ve left the doors unlocked and curtains open. Although the prevalence of identity theft and data abuse receives regular mainstream media coverage, carelessness still persists as citizens continue to cede control of their information to giant corporations.
Meticulously reading privacy policies is a major burden. TIME reported on Carnegie Mellon researchers who found that the average internet user would need to spend 76 work days to read every privacy policy they encounter each year. Given the challenges of securing personal data, it’s no wonder that most people click ‘accept’ on privacy policies and hope for the best.
Prior to the big data revolution, personal data was stored ‘at rest’ on firewalled or disconnected computers or even on paper in filing cabinets. Later in the 1990s, public key cryptography kept data mostly private ‘in transit’ between networked computers. This is similar to the evolution of how gold was stored and used over time. Originally, people protected their gold wealth by using vaults (data at rest), and had to employ more sophisticated methods to move their gold (data in transit), before the invention of banknotes – a trusted representation of gold, used to facilitate commerce (data in use). Unfortunately, existing methods used to ensure the privacy of ‘data at rest’ and ‘data in transit’ don’t address the risks associated with data that is ‘in use’ – when it is shared with third parties to achieve some kind of monetary or efficiency gain.
Despite this, progress is being made, and over the past few years governments have begun working to make data privacy the default, not the exception. The California Consumer Privacy Act (CCPA), which came into effect on 1 January 2020, undoubtedly triggered some sleepless nights in Silicon Valley, and the European Union’s General Data Protection Regulation (GDPR) mandates that websites prominently display their privacy information and ask permission for the use of cookies and trackers. The landmark GDPR regulation, which was implemented in May 2018, places unprecedented control over data with the consumer, limiting the capacities of enterprises working in and with EU member states.
The first three decades of the internet era will leave a legacy of loose data and general surveillance, but we should not abandon hope for a better future. Just as new technologies created the data society, new technologies can rein it in. Advances in privacy-enhancing technology (PET) – as acknowledged by a recent World Economic Forum report – have created major opportunities for businesses to use their data without exposing it to third parties. A range of enterprise-ready solutions are already on the market, providing tools that can enable mutually beneficial collaboration with competitors, without compromising the privacy of sensitive business information. These tools are also equipped to solve core business challenges across a diverse range of industries and are critical for many use cases including fraud detection, collaborative KYC, accreditation management, and blockchain privacy.
Aside from a growing range of use-cases, in the GDPR and CCPA-defined compliance era the case for enterprises to explore the latest innovations in privacy-enhancing technology also stands up from a regulatory and competitive point of view. With a simple perspective shift, enterprises can use these new frameworks as the impetus for future growth. Not only do these regulations force industry to take responsibility for protecting the privacy of the individual, they are redirecting the trajectory of enterprise data management towards a more efficient and secure future.
Today there are PET innovations that are tailor-made to address the challenges posed by data privacy regulations and, in turn, can help companies uncover previously closed-off revenue-generating opportunities. The benefits of cross-competitor collaboration have always been clear, but the lack of privacy-enhancing tools historically made these endeavors more of a lofty ambition than a distinct possibility. However, the PET landscape has evolved significantly, to the point that competitors operating in the same ecosystem can collaborate using cryptographic proofs to validate sensitive business data, without revealing the underlying data itself. PET can unlock what was once the forbidden portal, opening up new revenue streams, more efficient business models, and enhanced methods for mitigating risk.
If we imagine the strength of our data privacy in terms of a secure home once more, privacy-enhancing technology can provide a much-needed layer of security that restores individuals’ privacy, while leaving the legacy of loose data and general surveillance firmly in the past. With the latest PET innovations, we can chart a new path forward that restores users’ trust in enterprise handling of their data. So even in a decentralized neighborhood, with windows open and doors unlocked, mutually beneficial collaboration between neighbors in the same ecosystem can be achieved in a secure and efficient manner, ushering in an urgently-needed new standard of data privacy for the next decade.