Privacy Enhancing Technologies (PETs) are technologies that embody fundamental data protection principles by minimizing personal data use, maximizing data security, and empowering individuals.
The European Union Agency for Network and Information Security (ENISA) defines PETs as:
‘software and hardware solutions, ie systems encompassing technical processes, methods or knowledge to achieve specific privacy or data protection functionality or to protect against risks of privacy of an individual or a group of natural persons.’
PETs link closely to the concept of the Privacy by Design and therefore apply to the technical measures you can put in place. They are also a means of implementing data protection by design within an organization on a technical level.
The following diagram provides a visual taxonomy of PETS, divided in three main categories:
The first category, called user-side techniques, requires the full involvement of the end-user in order to protect his privacy. User-side methods incorporate two fundamental PETs classes specifically, anti-tracking technologies, e.g., ad-blockers and anti-finger-printings; and privacy preserving certification. It also involves two sub-categories, called data perturbation and Secure Multi-Party Computation (SMC), under the obfuscation and secure computation mechanisms, respectively.
The second category, referred to as server-side techniques, requires the server to be firmly engaged with the privacy protection process either by anonymizing data sets for information sharing or valorization, or by performing substantial calculation over perturbated information while collaborating with end users. Server-side methods contain two classes: the Statistical Disclosure Control (SDC) and self-destructing data systems, and two sub-categories, to be specific Private Information Retrieval (PIR) procedures and homomorphic encryption algorithms, under the obfuscation and the secure processing mechanisms, respectively. It is worth noting that the obfuscation and secure computation techniques include both user side and server-side privacy-preserving procedures, and are implemented with respect to the framework's identified objectives.
The third category named as channel-side techniques, specifies the nature of the channel between the client and the server - regardless of whether it is enciphered, encapsulated or encoded - or the nature of the exchanged information which can be intentionally corrupted. Channel-side procedures incorporate secure communications and Trusted Third Party such as anonymizers.
General recommendations - First, it is important to emphasize that due to the diversity of smart applications, different privacy technologies need to be combined to ensure an acceptable level of privacy. Indeed, smart cities combine so many technological components that it is not enough to simply apply privacy technologies to each component. Instead, we advise that the interactions between technologies and data have to be considered to design “joint privacy technologies.” This is especially important because applications start with isolated solutions that get integrated gradually. Thus, one approach to facilitate joint privacy protection is to focus on the interfaces between different systems, on their interactions and in particular on the data flow. For example, different components in a sensor-based application may all deploy independent differential privacy mechanisms before transferring data to the processing layer. Taking this into consideration will help to define appropriate privacy enabling mechanisms for the data storage and processing.
Second, it is crucial to consider the architecture patterns that define the system’s components, responsibilities, and the relationships between them. There are two main architectural design. The first group contains variations of a simple centralized architecture that does not take into account the diversity of attackers and smart city applications. The second group relies on distributed settings that are tailored to specific application areas within the smart city and may induce communication overheads.
Both joint privacy mechanisms and privacy architectures aim to integrate isolated privacy protection mechanisms into more general solutions. In smart cities, this integration is complicated not only by a large number of subsystems, but also by a large number of stakeholders. To implement joint privacy mechanisms in a coherent privacy architecture, various stakeholders should collaborate on an operational level. However, this collaboration can entail privacy risks because it may enable stakeholders to combine data from several sources.