Session
Cross-border Data Flows and Trust
Data Free Flow
Data Privacy and Protection
Panel - 90 Min
As the digital landscape continues to evolve rapidly, it brings with it increasingly complex data governance and privacy challenges. While digital technologies - including cloud computing, big data analytics, and artificial intelligence - have often been cast as part of the problem in privacy and data protection, digital technologies can indeed be a major part of the solution as well.
Recent OECD work on emerging privacy-enhancing technologies (PETs) highlights how digital solutions can enable the collection, processing, analysis, and sharing of information while preserving data confidentiality and privacy. The work, which reviews recent technological advancements and the effectiveness of various types of PETs, has identified key challenges and opportunities to help privacy enforcement authorities and policy makers better understand how digital technologies can be used to enhance privacy and data protection, and to improve overall data governance with trust.
Building on the latest OECD work, this session expands beyond the traditional understanding of PETs to explore the multifaceted role of privacy enhancing, empowering, and enforcing technologies (PE³Ts) in fostering privacy and data protection, while enabling the trustworthy use of personal data for growth and well-being: Distinguished panellists will discuss not only how the combination of PETs such as synthetic data, homomorphic encryption and federated learning can enable the trustworthy collection, processing, analysis, and sharing of data, but also explore how digital technologies can be leveraged to enforce privacy laws, enhance transparency, improve accountability, and empower individuals to take more control over their own data. In so doing the session seeks to provide a platform for multistakeholder dialogue, aiming to generate insights into the opportunities and challenges of PE³Ts, exploring how these technologies can foster greater trust in the digital landscape, critically contributing to a safer and more inclusive Internet for all.
We invite all stakeholders, from policymakers to privacy enforcement authorities, from academics and civil society to industry professionals, to join us in this highly promising conversation, as we navigate the ever-evolving intersection of privacy and digital technology. In addition to the online moderator, who will ensure that online questions and comments are addressed in the physical session including by online participants, we intend to have at least two Q&As periods during the session that explicitly involve both onsite and online participants.
Please refer to OECD (2023), "Emerging privacy-enhancing technologies: Current regulatory and policy approaches", OECD Digital Economy Papers, No. 351, OECD Publishing, Paris, https://doi.org/10.1787/bf121be4-en, for further reading.
Organisation for Economic Co-operation and Development (OECD)
Christian Reimsbach-Kounatze (OECD), Clarisse Girot (OECD)
- Ms Clara Clark Nevola, Head of anonymization and encryption policy, Information Commissioner's Office, United Kingdom
- Mr Udbhav Tiwari, Head of Global Product Policy, Mozilla Foundation
- Mr Maximilian Schrems, founder; and Mr Stefan Schauer, IT lead, NOYB, Austria
- Mr Wojciech Wiewiórowski, European Data Protection Supervisor, European Union
- Mr Suchakra Sharma, Chief Scientist, Privado, Canada
- Ms Nicole Stephensen, Partner & Privacy Lead, Information Integrity Solutions, Australia
Christian Reimsbach-Kounatze (OECD)
Andras Molnar (OECD)
Christian Reimsbach-Kounatze (OECD)
Targets: This session aligns with SDG 9 (Industry, Innovation, and Infrastructure) and SDG 16 (Peace, Justice, and Strong Institutions) by highlighting the role of digital technology in privacy protection, enforcement, empowerment, transparency, and accountability for more trust in the Internet landscape. In particular: - By discussing privacy-enhancing, empowering and enforcing technologies (PE³T), the session contributes to the development of reliable, sustainable and resilient global information infrastructures with trust.The session relates to this target by raising awareness about the need for developing effective PE³T for protecting privacy, empowering users, and enforcing privacy laws through digital technologies, while enabling the trustworthy use of data and encouraging technological innovation for growth and well-being. In so doing, the session will contribute to essential aspects for the wider adoption and accessibility of the Internet, given that trust is a major enabler for the use of digital technologies. - By discussing how digital technologies can help enforce privacy and data protection laws, the session will also relate to the promotion of the rule of law at the national and international levels in respect to the protection of privacy and personal data. PE³Ts can support institutions in ensuring legal frameworks are respected and privacy rights are not violated, hence ensuring justice. By examining how digital technology can increase transparency and accountability in the use of personal data by major institutions on the Internet, the session contributes to the promotion of effective, accountable, and transparent institutions online. Last, but not least, the session will highlight how the use of digital technologies can help ensure public access to information and the protection of fundamental freedoms, including privacy and autonomy in accordance with national legislation and international agreements.
Report
Introduction
As digital technologies increasingly intersect with privacy concerns, the OECD's insights on Privacy-Enhancing Technologies (PETs) demonstrate that these technologies can enhance privacy and data protection and foster trust. This workshop built on such foundational work, aiming to expand our understanding and application of PETs to explore the multifaceted role of privacy enhancing, empowering, and enforcing technologies (PE³Ts) in fostering privacy and data protection, while enabling the trustworthy use of personal data for growth and well-being.
Distinguished panelists discussed not only how the combination of PETs such as synthetic data, homomorphic encryption and federated learning can enable the trustworthy collection, processing, analysis, and sharing of data, but also explored how digital technologies can be leveraged to enforce privacy laws, enhance transparency, improve accountability, and empower individuals to take more control over their own data. In so doing the session provided a platform for multistakeholder dialogue, aiming to generate insights into the opportunities and challenges of PE³Ts, exploring how these technologies can foster greater trust in the digital landscape, critically contributing to a safer and more inclusive Internet for all.
Privacy-Enhancing Technologies in Action
Panelists detailed how PETs such as homomorphic encryption and differential privacy can be instrumental in data protection. This included the ICO's approach to PETs as tools for secure data sharing, emphasizing alignment with legal compliance and their role in facilitating safer data practices.
Panelists also shared examples, such as Mozilla's deployment of PETs and their integration into products like the Firefox browser. In this context, panelists discussed the broader implications of PETs in enhancing user privacy without compromising functionality, particularly in the context of advertising.
Digital Technologies and Privacy Enforcement
Panelists also illustrated how digital technologies for automation can streamline privacy enforcement. Insights from NOYB’s approach were shared where digital technologies are used for monitoring and addressing privacy violations effectively, highlighting the potential for scaling enforcement activities using digital tools. In this context the need for ongoing education and adoption of PETs within EU institutions and across its member states was also highlighted.
Proactive Privacy Management and Integration
Panelists later discussed concepts for proactive privacy management through software analysis, proposing methods to assess and ensure privacy from the development phase of software products. Such approach suggested a shift towards embedding privacy considerations early in the technology design process. Panelists also stressed the importance of integrating PETs with traditional privacy management practices. In this context, panelists discussed the challenges and opportunities of adopting PETs in various organizational contexts, emphasizing the need for strategic privacy risk management.
Conclusion and Recommendations:
The workshop underscored the multifaceted role of PETs in enhancing and enforcing privacy within digital landscapes. The collaborative discussions highlighted the importance of integrating technological solutions with regulatory and organizational frameworks to achieve robust privacy protections. It led to the following recommendations:
- Enhanced Collaboration: Encourage multi-stakeholder dialogues to further develop and refine PETs.
- Increased Awareness and Training: Promote broader understanding and skill development in PETs across all sectors.
- Guidance and Best Practices: Develop comprehensive guidelines that help organizations implement PETs effectively.