Share
How does technology fit into the policy community’s understanding of privacy?
As part of CSaP's 2020 virtual annual conference, policymakers and academics gathered in early June for a discussion which explored how differential privacy might be applied, the value of governed and secure data, online harms, and where privacy enhancing technologies fit within the aims of the National Data Privacy Strategy.
In her opening remarks, Dr Natasha McCarthy, Head of Policy at the Royal Society, noted that over the past few years, we have moved from a situation where there were many concerns about the security of data at rest, to a situation where we think more about how we manage data in use, and the ways in which data are used. This realisation sparked the creation of a data management and use: Governance in the 21st century, a project carried out by the British Academy and the Royal Society, proposes a new framework for the governance of data. Based on her experiences with that project, Dr McCarthy has concluded that there is great potential for the use of data, but that there are also potential risks. She suggested that we need to think more about how we can make use of the data that we gather about individuals' use of services. Moreover, we need to think about how that data might be used altruistically while giving individuals and groups control over data about them and ensuring that data systems give them privacy in their everyday lives. Dr McCarthy challeneged the audience to think more about the role of technology, and how privacy enhancing technologies can enable us to better navigate some of the dilemmas involved in data use.
As we navigate these dilemmas, Guy Cohen, the Policy and Strategy Lead at Privitar, noted that different forms of privacy enhancing technologies do different things, and have different strengths and weaknesses. He stressed the importance of understanding the different kinds of privacy enhancing tools available to users, ranging from differential privacy to secure multi-party computation, in order to choose which technology is most applicable and appropriate for your specific privacy requirements. Different privacy enhancing technologies are at different stages in the pipeline and offer different types of privacy. Moreover, they are not distinct, meaing that some may be able to be used in combination.
We do not do enough is to fully understand the privacy threats, says Professor Carsten Maple, Principal Investigator at the NCSC-EPSRC Academic Centre of Excellence for Cyber Security Research at the University of Warwick. He suggests we need to better understand who will learn information from data releases, what information can be learned, and how they are learning that information. Essentially, we need to better understand data transfer, and where data users sit within data management ecosystems. Here, we must also do more to understand the harms that may arise from that learning. Consequently, it is important to recognize and take into account security and privacy considerations when designing a system. Here, both privacy and security may come at a cost, whether in the form of a financial burden, or terms of performance time or accuracy of data. Understanding these trade-offs can allow for informed decisions that look at the system design for that specific context.
This virtual seminar was part of CSaP’s 2020 Virtual Annual Conference Seminar Series, which will be running throughout the months of May and June. To learn more, or to register for your free ticket to attend an upcoming session, please visit our annual conference events page.
Cover Photo by Markus Spiske on Unsplash