By Bibitayo Emmanuel Ojo.
Privacy in the digital age has become a growing concern for individuals and organizations. The internet, which once promised freedom and anonymity, has turned out to be a breeding ground for a wide range of privacy-impairing activities. Users’ personal information such as emails, financial records, and browsing data, are increasingly at risk of being compromised. In light of these privacy threats, privacy enhancing technologies (PETs) have emerged as a viable solution. Although the Nigeria Data Protection Regulation (NDPR) does not specifically reference PETs, its Implementation Framework alludes to privacy by design under Sections 2.6 and 3.2(v) of the NDPR (Implementation Framework 2020)
Meaning of PETs
PETs are a collection of tools and methods designed to protect individuals’ privacy through anonymization and encryption of their personal data. PETs are technologies that incorporate core data protection principles by limiting the use of personal data, increasing data security, and/or empowering users. These technologies offer a range of technical solutions for ensuring secure and private communication and data exchange online. Some common PETs include Virtual Private Networks (VPNs), Tor, end-to-end encryption, and Secure Multi-Party Computation (SMPC). While the use of PETs has increased as a response to growing concerns about data privacy, there are also concerns that these technologies can be used by malicious actors to conduct illegal activities. Therefore, it is essential to strike a balance between privacy and security when utilizing PETs. Primarily, PETs provide users with the necessary tools to communicate and transact securely without compromising privacy.
Types of PETs
- Encryption Technologies: These technologies use algorithms to encode data to make it unreadable by unauthorized parties.
- Anonymity Networks: These technologies protect privacy by obscuring the identity of the user. The most popular of these are proxy networks like Tor or VPNs.
- Differential Privacy: These technologies attempt to disguise user behaviour by adding noise to data. This makes it much more difficult for third parties to link data back to a specific user.
- Access Control Technologies: These technologies enable users to control access to their data by setting permissions for those who can view or edit it.
- Authentication Technologies: These technologies ensure that only the intended recipient can access specific data. This includes biometric authentication, two-factor authentication, and smart cards.
- Pseudonymity Technologies: These technologies allow users to use a false identity or pseudonym online. This prevents third parties from linking data back to a real-world identity.
- Privacy-Enhanced Web Browsers: These browsers are designed to prevent tracking and profiling by blocking cookies, scripts, and other tracking mechanisms.
The use of PETs can help individuals to exercise their right to privacy and protect their data from unauthorized access and exploitation. Companies can also apply PETs to maintain consumer trust and comply with legal regulations on data protection.
However, the effectiveness of PETs depends on their implementation and the user’s ability to use them properly. PETs cannot be seen as a complete solution to all privacy concerns and should be accompanied by good security practices and policies, as well as ethical decision-making by individuals and organizations.
Legal Issues that PETs May Raise
While PETs offer a range of benefits to protecting the data of individuals and organisations, a number of legal issues also beg for attention. Some of the most important legal issues raised by PETs include:
- Compliance with Data Protection Laws: PETs need to comply with various data protection laws that govern the collection, storage, and processing of personal data. For example, a PET solutions for data anonymization must comply with the NDPR or GDPR requirements for pseudonymization, which requires the use of encryption or other technical safeguards to render the data useless to unauthorized parties.
- Legal Liability: The use of PETs can raise questions of legal liability. In the event of a data breach or other security incidents, the use of PETs may limit the ability of organizations to identify the source of the breach or hold individuals or entities accountable. In AA V Persons Unknown (2019) EWHC 3555 (Comm), the unknown person was convicted but was at large because the communication was done via PGD telephone.
- Intellectual Property Rights: PETs may also raise legal issues related to intellectual property rights. For example, PETs that utilize proprietary algorithms or other software may be subject to patent or copyright laws, which could limit their availability or make their use more expensive.
- Ethical and Social Issues: The use of PETs can also raise ethical and social issues, such as questions related to the impact of PETs on personal privacy, surveillance, and democratic values.
The future of PETs is optimistic as more people become aware of and concerned about their data privacy and protection. The demand for PETs is expected to grow, driven by the increasing need for privacy protection in various domains, including healthcare, finance, and education.
While PETs offer a range of benefits in terms of data privacy and security, they also raise challenging legal issues that must be addressed to ensure their successful use and deployment. This requires a multi-stakeholder approach that involves collaboration between technology vendors, researchers, regulators, legal experts and the public to develop and implement best practices in privacy protection.
The development of PETs will also lead to the emergence of new privacy-enhancing business models and ecosystems that provide users with greater control over their data. This will help to build trust between consumers and businesses and will ultimately drive economic growth.