Abstract
Privacy Enhancing Technologies (PETs) are transforming how organizations can handle sensitive data. Access to sensitive (micro) data is often highly restricted through special legal agreements and in closed environments. Responsible data sharing is about finding the optimal balance between maximizing the societal value of data and the need to protect privacy. PETs offer powerful new ways to manage this trade-off, enabling organizations to make better use of their data, without compromising on data privacy or confidentiality. In the broader context of the United Nations, PETs can help in achieving some of the commitments of the Global Digital Compact regarding the aspect of data privacy and security. If in the foreseeable future access to data is safely controlled through PETs, then researchers, data analysts or general data users will be able to obtain their analytical results without a need for direct access to the individual records of any data set. This would be a very tangible contribution of the PET community towards responsible data sharing.
Introduction
Privacy Enhancing Technologies (PETs) are transforming how organizations handle sensitive data, creating new pathways for effective and responsible data governance. This was demonstrated during the 55th session of the United Nations Statistical Commission in 2024, where a dedicated side-event explored the topic of “Enabling responsible access to sensitive microdata using PETs”. The side-event featured three presentations:
An overview of the motivations for, and applications of, PETs in official statistics,
A case study on the secure sharing of pathogen genomic data for public health purposes using PETs, and
A demonstration of the private linkage of international trade microdata using a secure enclave.
Building on the learnings from this side-event, this issue of the Statistical Journal examines how National Statistical Offices (NSOs) can leverage PETs to facilitate secure access to and responsible governance of sensitive data.
The role of data in official statistics
NSOs collect and process data from multiple sources, including surveys, censuses, administrative data and private sector data, with the objective of providing relevant and trusted information to society and informing public policies with the best available evidence. Many of these data sources contain sensitive information about people or businesses. NSOs want to protect the confidentiality and privacy of such data and are indeed required to do so by their statistical legislation or, for example, by the General Data Protection Regulation in Europe, 1 while on the other hand providing society (and especially researchers) with valuable and detailed information. NSOs also want to gain access to sensitive information held by private sector companies, such as mobile network operators (MNOs). Currently, MNOs are very reluctant to give NSOs access to their data due to privacy concerns. In this regard, the Fundamental Principles of Official Statistics 2 proclaim – among others – that data for statistical purposes may be drawn from all types of sources, as long as they are treated as strictly confidential and used exclusively for statistical purposes.
Today, access to sensitive (micro) data is often highly restricted through special legal agreements and in closed environments, especially in domains dealing with healthcare or population demographics at a granular level. 3 However, researchers, academia, economists or public service providers need to process detailed data to formulate evidence-based policies and unlock societal benefits, but this must be done within a transparent and trustworthy data governance framework that protects privacy and fosters public trust. i Without effective governance frameworks, data holders are understandably reluctant to share their sensitive data, even when doing so could yield significant benefits to society.
The true value of data for society lies in its potential positive impact – driving innovation, informing evidence-based policymaking, and improving public services, all while adhering to ethical use and privacy protections. At the heart of responsible data sharing is finding the optimal balance between maximizing the societal value of data and the need to protect privacy. PETs offer powerful new ways to manage this trade-off, facilitating novel approaches that can enable NSOs and other organisations to make better use of their data, without compromising on data privacy and confidentiality. The remainder of this chapeau paper will:
Provide a brief introduction to PETs,
Introduce the work of the UN Statistical Commission regarding PETs, and
Highlight the importance of this in the context of data governance, especially in light of the commitments made by UN Member States with the adoption of the Global Digital Compact in September 2024.
A brief introduction to Privacy Enhancing Technologies
PETs provide new approaches for navigating the trade-off between the privacy and utility of data. Historically, aggregation and anonymization techniques have been used to make sensitive datasets available for research purposes. However, such approaches have been found to either inadvertently leak sensitive information, 4 or critically reduce the usefulness of the data (e.g., if data is only made available in highly aggregated form 5 ). The promise of PETs is that they can help to change the balance of this trade-off, increasing the information value by enabling sensitive data to be made accessible at a very granular level, whilst providing mathematically provable guarantees that the risk of disclosure of sensitive data is mitigated. In practice, this means that data holders can have greater confidence that their sensitive data is protected.
PETs can roughly be split into two categories: PETs that protect input privacy, and PETs that protect output privacy. Input privacy focuses on how one or multiple parties can get access to protected data in a manner that guarantees that no private or confidential elements are revealed. Examples of PETs that protect input privacy include remote execution, homomorphic encryption, secure multi-party computation and secure enclaves (also known as trusted execution environments). Output privacy focuses on providing access to data for dissemination purposes in such a way that the output data cannot be used to reverse engineer the original input data. Examples of PETs that protect output privacy include differential privacy and carefully designed synthetic data.
Beyond facilitating greater access to data, PETs also provide novel mechanisms for data governance. Input privacy technologies can empower data holders to specify (and audit) more precisely which queries and computations are permitted, and which conditions must be met before the result of a computation can be shared. This provides data holders with fine-grained control over how their data is used. In other words, this allows privacy and usage policies set by data holders to be automatically enforced through technology, resulting in highly effective and robust data governance. Thus, by deploying appropriate combinations of PETs, new data access programs and collaborations can be created with the risks of data disclosure and misuse significantly reduced.
The UN Statistical Commission and Privacy Enhancing Technologies
The UN Committee of Experts on Big Data and Data Science for Official Statistics ii (UNCEBD) was established by the UN Statistical Commission in 2014 with the mandate to explore the benefits and challenges of using big data for official statistics. The UNCEBD also wanted to practically collaborate on projects using various big data sources and developed for that purpose an IT environment called the UN Global Platform. Recognizing that the granularity of big data sources invokes concerns of data privacy, the UNCEBD created a Task Team on PETs in 2018. This task team brings together experts from NSOs, technology providers, and academia to explore and promote PETs for responsible use of micro-data in the community of official statistics and beyond. The task team pursues this in a number of ways:
Ultimately, the work of the task team and the PET Lab aims to arm NSOs with tools to help them better fulfil their mandate to serve the public by protecting citizens’ data, whilst maximizing the societal benefits derived from that data. As has been highlighted by other organisations including the Royal Society, 7 the OECD, 8 and the Global Partnership on AI, 9 PETs have the potential to be powerful tools for effective data governance, contributing to the UN's broader efforts in this area.
Data governance
In 2020, the UN General Assembly committed to improve global digital cooperation, stating that digital technologies have profoundly transformed society while offering unprecedented opportunities and new challenges (Resolution A/Res/75/1). In 2022, the United Nations Secretary-General appointed a High-Level Advisory Board on Effective Multilateralism to identify concrete, actionable recommendations that support a radical shift in international cooperation for the resolution of shared global challenges and the advancement of the 2030 Agenda for Sustainable Development. The “Shift Four” on Digital and Data Governance supported a just digital transition that unlocks the value of data whilst protecting against digital harms. In particular, it cautioned that society still lacks coherent and joined-up data governance mechanisms, while the current data ecosystem remains a complex, adaptive system made up of a very large number of interconnected agents with poor interoperability across regions and sectors. 10 It thus called for a system for trusted and secure data flows — one that respects sovereignty and supports value creation everywhere, enabling all countries to share in the mutual benefits of data sharing. It further recommended seeking convergence on principles for data governance through a Global Data Compact in a new International Decade for Data.
In May 2023, the Policy Brief 11 of the UN Secretary General on a Global Digital Compact made reference to this commitment and outlined a shared vision on digital cooperation which collectively sets goals and pursues action to safeguard and advance our digital future. This was then further developed in the Global Digital Compact (GDC), 12 which was endorsed by the UN Member States at the Summit of the Future in September 2024.
Global digital compact
The GDC calls for strengthened international cooperation that closes all digital and data divides between and within countries, which will require adequate, sufficient and predictable means of implementation. The goal is an inclusive, open, sustainable, fair, safe and secure digital future for all to enable everyone to reap the benefits and mitigate the risks of digital transformation. The GDC sets out the objectives, principles, commitments and actions to achieve it, of which the fourth objective aims to
Most relevant to this paper is the aspect of data privacy and security. The GDC states that data governance and regulation have evolved in uncoordinated ways, contributing to asymmetric concentrations of data and capacities to use it. It further states that responsible and interoperable data governance is essential to advance development objectives, protect human rights, foster innovation, and promote economic growth. The increasing collection, sharing and processing of data, including in AI systems, may amplify risks in the absence of effective personal data protection and privacy norms. Therefore, responsible data governance should include protecting data privacy and PETs can play an important role in this regard.
Data governance should also include the AI-readiness of data and statistics. Valid concerns exist about internet search engines and AI chatbots operating as re-distributors of official data. While there have been improvements, AI systems have limited ability to interact with structured data especially due to a lack of available metadata. Moreover, AI systems exercise non-transparent discretion when selecting information sources for generating responses to users’ queries. This lack of transparency can lead to questions about the reliability and accuracy of the information provided. 13
Some examples of responsible data governance already exist, such as the National Data Governance and Protection Policy 14 in Papua New Guinea, which provides a framework for the responsible use, management, and governance of data across public and private sectors in Papua New Guinea. The policy aims to mitigate risks associated with the increased use of data, including data breaches and misuse, by providing clear guidelines on how data should be collected, stored, processed, and used. In Ireland, the Data Sharing and Governance Act of 2019 15 aimed, among other things, to regulate the sharing of information, including personal data, between public bodies and established the Data Governance Board. In Indonesia, the One Data Policy 16 Initiative aims to strengthen data sharing and integration arrangements between government institutions and to make better use of government data and official statistics for policy making. The policy is envisaged to become a governance framework that would allow the development of integrated and interoperable data platforms across central and local government through a common standard. In 2020, the European Union introduced the Data Governance Act, 17 which aims to facilitate data sharing across sectors and EU member states by creating a framework for data intermediation services, data altruism, and common European data spaces, while ensuring secure data reuse and compliance with European data protection standards. Whilst there is a growing number of data governance frameworks emerging around the world, there is still much work to be done to implement these frameworks in practice.
According to the 2024 UN E-Government Survey, iv among all 193 UN Member States, 83% have legislation, policy or strategy documents on personal data protection, 82% on cybersecurity, and 47% on misinformation, disinformation or fake news. Strengthened international data governance with the equal participation of all countries is needed to unlock the full potential of digital and emerging technologies. This will require capacity-building for developing countries and the development and implementation of regional and national data governance frameworks that maximize the benefits of data use while protecting privacy and securing data.
The role of PETs in achieving the GDC commitments
The GDC contains many commitments for Member States of the United Nations, including:
to draw (by 2030) on existing international and regional guidelines on the protection of privacy in the development of data governance frameworks,
to ensure (by 2030) that data collection, access, sharing, transfer, storage and processing practices are safe, secure and proportionate for necessary, explicit and legitimate purposes, in compliance with international law,
to develop (by 2030) skilled workforces capable of collecting, processing, analyzing, storing and transferring data safely in ways that protect privacy.
The Task Team on PETs and its UN PET Lab can help in achieving all three commitments.
PETs provide robust mechanisms for ensuring that the practices for data collection, access, sharing, transfer, storage and processing are safe, secure and proportionate for necessary, explicit and legitimate purposes by design. The UN PET Lab strives to develop best practices for implementing PET use cases in the real world. Furthermore, the Task Team on PETs investigates the legal aspects of applying PETs in practice and develops guidance on how PETs can best be utilized in compliance with national and international law. Moreover, through its educational work, outreach and training, support services, and practical deployments, the Task Team supports the upskilling of staff of NSOs and the broader statistical community. These combined efforts on legal aspects, best practices and education will be key to achieving the mentioned commitments of the GDC.
The three papers providing further insights in PETs
As mentioned at the start of this paper, this issue of the Statistical Journal of the IAOS showcases three papers on PETs:
Now is the time for privacy enhancing technologies to empower official statistics
A Delphi study on the role of Privacy Enhancing Technologies (PETs) in data sharing ecosystems
Private linkage of international trade microdata in a cloud-based secure enclave
These three papers collectively demonstrate the transformative potential of PETs in official statistics, from theoretical frameworks to practical implementations, showcasing how these technologies can help NSOs navigate the complex trade-offs between data utility and privacy protection. Together, they provide a vision, practical recommendations, and a concrete example that can support statistical offices seeking to modernize their approach to sensitive data governance while enhancing cross-border and cross-sector collaboration for public benefit.
Concluding remarks
The dynamically evolving data landscape, including a broadening national data ecosystem and a growing interest in cross-border data exchange driven by the ongoing digital transformation of society, necessitates effective data governance to enable NSOs to leverage data science and new types of data in statistical production. This data governance should include the use of PETs for data sharing and data collaboration across different sectors. PETs can help NSOs to maintain public trust by minimizing the potential risks associated with data mismanagement, such as privacy violations. Applying PETs for data sharing and data collaboration in a secure and trusted manner is essential amid rapid shifts in the data ecosystem, with new data sources from different stakeholders, such as detailed healthcare data, citizen-generated data, or mobile phone data, and with evolving innovative technologies for data collection, processing, and dissemination.
If algorithmic access to data is controlled through PETs, then researchers, data analysts or general data users no longer need to request direct access to individual records of any data set. For example, they do not need to know the medical record of a particular person, if they want to know the prevalence of certain diseases by age, sex, income bracket, geographical region and period of the year. In other words, data privacy concerns could be addressed properly if data access was protected by PETs as a standard practice, like the “https” encryption protocol for cybersecurity on the Internet. This could be the very tangible contribution of the PET community to achieving (by 2030) the commitments of responsible data governance of the Global Digital Compact.
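To make the output-privacy idea from the introduction concrete (the analyst learns prevalence by age band, sex and region but never sees a record), here is an added example that is not code from the paper, the UN PET Lab or any NSO: a toy query gateway that keeps the microdata on the holder's side, enforces a holder-defined policy on which dimensions may be queried, adds Laplace noise calibrated to the query's sensitivity, and deducts each answer from a privacy budget. The RECORDS table, the ALLOWED_DIMENSIONS policy and the budget values are constructed assumptions; a production deployment would use a vetted differential-privacy library rather than this hand-rolled mechanism.

```python
"""Toy output-privacy gateway: noisy aggregates out, raw records never leave."""
import math
import random
from collections import defaultdict

# Constructed sample microdata (not real people): (age_band, sex, region, has_condition)
RECORDS = [
    ("18-34", "F", "north", True),  ("18-34", "F", "north", False),
    ("18-34", "M", "north", False), ("18-34", "M", "south", True),
    ("35-54", "F", "south", True),  ("35-54", "F", "south", True),
    ("35-54", "M", "north", False), ("35-54", "M", "south", False),
    ("55+",   "F", "north", True),  ("55+",   "M", "south", False),
]
FIELD_INDEX = {"age_band": 0, "sex": 1, "region": 2}
# Policy set by the data holder (assumed): only these grouping dimensions may be queried;
# the sensitive attribute itself can never be used as a grouping key.
ALLOWED_DIMENSIONS = {"age_band", "sex", "region"}


def exact_counts(records, dims):
    """Holder-side computation: {group_key: [n, positives]}. Never released as-is."""
    out = defaultdict(lambda: [0, 0])
    for rec in records:
        key = tuple(rec[FIELD_INDEX[d]] for d in dims)
        out[key][0] += 1
        out[key][1] += int(rec[3])
    return dict(out)


def laplace(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF from a uniform in (-0.5, 0.5)."""
    u = rng.random() - 0.5
    sign = -1.0 if u < 0 else 1.0
    return -scale * sign * math.log(1.0 - 2.0 * abs(u))


class PrevalenceGateway:
    """Answers prevalence-by-group queries with differential privacy and budget accounting."""

    def __init__(self, records, epsilon_budget, seed=None):
        self._records = records          # stays on the holder's side
        self.budget = epsilon_budget     # total epsilon this analyst may spend
        self._rng = random.Random(seed)

    def query(self, dims, epsilon):
        dims = tuple(dims)
        disallowed = set(dims) - ALLOWED_DIMENSIONS
        if disallowed:
            raise PermissionError(f"dimension not permitted by policy: {sorted(disallowed)}")
        if epsilon <= 0 or epsilon > self.budget:
            raise PermissionError("privacy budget exhausted or invalid epsilon")
        self.budget -= epsilon
        # Adding/removing one person changes one group's n by 1 and its positives by
        # at most 1, so the L1 sensitivity of the released vector is 2.
        scale = 2.0 / epsilon
        noisy = {}
        for key, (n, pos) in exact_counts(self._records, dims).items():
            noisy[key] = (n + laplace(scale, self._rng), pos + laplace(scale, self._rng))
        return noisy
```

The analyst receives only the noisy `(n, positives)` pairs per group and a shrinking budget; the raw `RECORDS` and `exact_counts` are reachable only on the holder's side.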
Acknowledgements
The authors would like to thank all the members of the UN Task Team on PETs and the UN PET Lab for their insights and discussions, which have greatly informed this paper.
Funding
The authors received no financial support for the research, authorship, and/or publication of this article.
Declaration of conflicting interests
The authors declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
