An image illustrating privacy enhancing technologies

Privacy-enhancing technologies: Balancing data utility and security


In the third quarter of 2024, data breaches exposed 422.61 million records, affecting millions of people around the world. This highlights the need for organisations to prioritise user privacy. 

Privacy-enhancing technologies can help achieve this by protecting sensitive information and enabling safe data sharing. 

This post explores privacy-enhancing technologies, including their types, benefits, and how our website analytics platform, Matomo, supports them by providing privacy-focused features.

What are privacy-enhancing technologies? 

Privacy Enhancing Technologies (PETs) are tools that protect personal data while allowing organisations to process information responsibly. 

In industries like healthcare, finance and marketing, businesses often need detailed analytics to improve operations and target audiences effectively. However, collecting and processing personal data can lead to privacy concerns, regulatory challenges, and reputational risks.

PETs minimise the collection of sensitive information, enhance security and allow users to control how companies use their data. 

Global privacy laws such as GDPR, CCPA, HIPAA, LGPD and PECR are making PETs essential for compliance.

Non-compliance can lead to severe penalties, including hefty fines and reputational damage. For example, under GDPR, organisations may face fines of up to €20 million or 4% of their global annual turnover, whichever is higher, for serious violations.

Types of PETs 

What are the different types of technologies available for privacy protection? Let’s take a look at some of them. 

Homomorphic encryption

Homomorphic encryption is a cryptographic technique that lets you perform calculations on ciphertext without decrypting it first. When the result is decrypted, it matches the result of the same calculation performed on the plaintext.

This keeps data protected while it is being processed, so an analyst can compute over data they are never allowed to see in the clear. It is particularly useful in financial services, where analysts must protect sensitive customer data and secure transactions.

Despite these advantages, homomorphic encryption is computationally expensive: operations on ciphertext are orders of magnitude slower than the same operations on plaintext, and fully homomorphic schemes, which support arbitrary additions and multiplications, are far heavier than partially homomorphic ones that support a single operation.
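As an added illustration (example code written for this post, not part of Matomo or of any library the page mentions), the following Python implements the Paillier scheme, a partially homomorphic cryptosystem in which multiplying two ciphertexts adds the plaintexts underneath. Customers' transaction amounts are encrypted, an analyst who holds only the public key sums the ciphertexts, and the key holder decrypts just the aggregate. The primes, the amounts and the seed are constructed for the demo; real keys use primes of 1024 bits or more.

```python
import math
import random

# Constructed toy parameters: two small primes keep the numbers readable.
# Production Paillier keys use primes of at least 1024 bits; these offer no security.
P, Q = 104723, 104729


def keygen(p=P, q=Q):
    """Paillier key pair using the common simplification g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lambda = lcm(p - 1, q - 1)
    # With g = n + 1, L(g^lambda mod n^2) = lambda, so mu is just lambda^-1 mod n.
    mu = pow(lam, -1, n)
    public = {"n": n, "n2": n * n}
    private = {"n": n, "lam": lam, "mu": mu}
    return public, private


def encrypt(pk, m, rng):
    """Enc(m) = (1 + n)^m * r^n mod n^2; a fresh r makes equal plaintexts encrypt differently."""
    n, n2 = pk["n"], pk["n2"]
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    r = rng.randrange(1, n)
    while math.gcd(r, n) != 1:
        r = rng.randrange(1, n)
    # (1 + n)^m mod n^2 equals 1 + m*n, which saves an exponentiation.
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(sk, c):
    """Dec(c) = L(c^lambda mod n^2) * mu mod n, with L(x) = (x - 1) / n."""
    n = sk["n"]
    u = pow(c, sk["lam"], n * n)
    return (u - 1) // n * sk["mu"] % n


def add_encrypted(pk, c1, c2):
    """Multiplying two ciphertexts adds the plaintexts underneath."""
    return c1 * c2 % pk["n2"]


def scale_encrypted(pk, c, k):
    """Raising a ciphertext to a public constant k multiplies the plaintext by k."""
    return pow(c, k, pk["n2"])


# Constructed transaction amounts in cents; in the story each belongs to a different customer.
AMOUNTS = [1250, 3999, 87, 20500]


def demo(seed=7):
    """Customers encrypt, the analyst aggregates blind, the key holder decrypts only the total."""
    pk, sk = keygen()
    rng = random.Random(seed)
    ciphertexts = [encrypt(pk, a, rng) for a in AMOUNTS]

    # Analyst side: has pk and ciphertexts only, never an amount in the clear.
    enc_total = ciphertexts[0]
    for c in ciphertexts[1:]:
        enc_total = add_encrypted(pk, enc_total, c)
    enc_tripled = scale_encrypted(pk, ciphertexts[0], 3)

    # Key holder side: decrypts the aggregates that policy allows to be released.
    return {
        "plain_total": sum(AMOUNTS),
        "decrypted_total": decrypt(sk, enc_total),
        "decrypted_tripled_first": decrypt(sk, enc_tripled),
        "same_plaintext_differs": encrypt(pk, 5, rng) != encrypt(pk, 5, rng),
    }


if __name__ == "__main__":
    print(demo())
```

Paillier only supports addition of ciphertexts and multiplication by public constants; anything needing ciphertext-by-ciphertext multiplication calls for a fully homomorphic scheme, at a much higher cost.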

Secure Multi-Party Computation (SMPC)

SMPC enables joint computations on private data without revealing the raw data. 

In 2021, the European Data Protection Board (EDPB) issued technical guidance that recognises SMPC as a measure capable of meeting data protection requirements. This highlights its importance in healthcare and cybersecurity, where data sharing is necessary but sensitive information must be kept safe.

For example, several hospitals can collaborate on research without sharing patient records: using SMPC they compute statistics over their combined data while each hospital's individual records remain confidential. Note that SMPC protects the inputs, not the output: whatever the agreed result reveals is revealed to everyone, so the computation itself has to be chosen with that in mind.
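Added example (not code from the page or from any vendor): additive secret sharing, the simplest form of multi-party computation. Each hospital splits its patient count into random-looking shares that sum to the count, hands one share to every other hospital, and publishes only the sum of the shares it received. Adding the published partial sums gives the total; no single hospital ever sees another's count. The hospital names and counts are constructed.

```python
import random

PRIME = 2**61 - 1   # Mersenne prime used as the field modulus; shares live in [0, PRIME)


def split_secret(value, n_parties, rng):
    """Additive secret sharing: n shares that look uniform alone but sum to value mod PRIME."""
    if not 0 <= value < PRIME:
        raise ValueError("value must be a field element")
    shares = [rng.randrange(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def reconstruct(shares):
    return sum(shares) % PRIME


def secure_sum(inputs, rng):
    """Joint sum over several parties' private integers.

    Every party splits its own value, keeps one share and sends one share to each other
    party. Each party then publishes only the sum of the shares it holds; adding those
    partial sums gives the total. Returns (total, shares each party received)."""
    parties = list(inputs)
    received = {p: [] for p in parties}
    for owner in parties:
        shares = split_secret(inputs[owner], len(parties), rng)
        for recipient, share in zip(parties, shares):
            received[recipient].append(share)   # "send" the share; one stays with the owner
    partial_sums = {p: reconstruct(received[p]) for p in parties}
    return reconstruct(list(partial_sums.values())), received


# Constructed inputs: each hospital's count of patients with a given condition.
HOSPITAL_COUNTS = {"Hospital A": 120, "Hospital B": 85, "Hospital C": 210}


def demo(seed=1):
    rng = random.Random(seed)
    total, received = secure_sum(HOSPITAL_COUNTS, rng)
    return {
        "total": total,
        "true_total": sum(HOSPITAL_COUNTS.values()),
        # Everything Hospital A learns besides the total: one uniform share per hospital.
        "shares_seen_by_a": received["Hospital A"],
        "roundtrip_ok": reconstruct(split_secret(42, 5, rng)) == 42,
    }


if __name__ == "__main__":
    print(demo())
```

This protects against any single curious party; if all but one party collude they can subtract their own inputs from the total and learn the remaining one, and with only two parties the published total itself already gives each side the other's count. Real deployments also need authenticated channels between the parties and a way to encode negative or fractional values into the field.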

Synthetic data

Synthetic data is artificially generated to mimic real datasets without revealing actual information. It is useful for training models without compromising privacy. 

Imagine a hospital wants to train an AI model to predict patient outcomes based on medical records. Sharing real patient data poses privacy challenges, so instead the hospital generates a synthetic dataset that reproduces the statistical patterns of the real records without corresponding to any actual patient, and trains the model on that.

Synthetic data may fail to capture subtle nuances or anomalies in real-world datasets, leading to inaccuracies in AI model predictions.

Pseudonymisation

Pseudonymisation replaces the details that directly identify a person (names, e-mail addresses, account numbers) with artificial codes or tokens, making it hard to tell who the information belongs to. If someone gets hold of the data, they can't easily connect it back to real individuals. The link can be restored only with the key or lookup table used to create the codes, which must be stored separately and protected; under GDPR (Article 4(5)), pseudonymised data is still personal data precisely because that link exists, so pseudonymisation reduces risk rather than taking the data out of scope.

A visual representation of pseudonymisation

Pseudonymisation works differently from synthetic data, though both help protect individual privacy. 

When we pseudonymise, we take factual information and replace the bits that could identify someone with made-up labels. Synthetic data takes an entirely different approach. It creates new, artificial information that looks and behaves like real data but doesn’t contain any details about real people.
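Added example, written for this post and not taken from Matomo or any other project: keyed pseudonymisation of an e-mail address with HMAC-SHA256, contrasted with a plain SHA-256 hash. The unkeyed hash can be undone by anyone able to guess the identifier (a dictionary attack over a list of candidate addresses), while the keyed token cannot be recomputed without the secret key. The records and the attacker's candidate list are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; these are not real people.
RECORDS = [
    {"email": "alice@example.com", "visits": 12, "country": "FR"},
    {"email": "bob@example.com", "visits": 3, "country": "DE"},
    {"email": "alice@example.com", "visits": 5, "country": "FR"},
]


def naive_token(identifier):
    """Unkeyed hash: looks anonymous, but anyone can recompute it from a guessed identifier."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def keyed_token(identifier, key):
    """HMAC-SHA256 under a secret key that is stored apart from the pseudonymised data."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def pseudonymise(records, key):
    """Swap the identifier for a keyed token; the other attributes are kept as they are."""
    return [
        {"uid": keyed_token(r["email"], key), "visits": r["visits"], "country": r["country"]}
        for r in records
    ]


def dictionary_attack(tokens, candidate_identifiers, token_fn):
    """Re-identification by guessing: tokenise each candidate and look for matches."""
    lookup = {token_fn(c): c for c in candidate_identifiers}
    return {t: lookup[t] for t in tokens if t in lookup}


def demo():
    key = secrets.token_bytes(32)          # generated at run time; never stored with the data
    attacker_guesses = ["alice@example.com", "bob@example.com", "carol@example.com"]

    naive_tokens = {naive_token(r["email"]) for r in RECORDS}
    keyed_rows = pseudonymise(RECORDS, key)
    keyed_tokens = {row["uid"] for row in keyed_rows}

    return {
        # Unkeyed hashes: every guessed address that appears in the data is recovered.
        "naive_recovered": len(dictionary_attack(naive_tokens, attacker_guesses, naive_token)),
        # Keyed tokens: the attacker can hash guesses all day, nothing matches without the key.
        "keyed_recovered": len(dictionary_attack(keyed_tokens, attacker_guesses, naive_token)),
        # Same key + same person = same token, so per-user analytics still work.
        "links_same_person": keyed_rows[0]["uid"] == keyed_rows[2]["uid"],
    }


if __name__ == "__main__":
    print(demo())
```

Whoever holds the key can still re-identify people, which is exactly why the data stays personal data under GDPR; rotating or destroying the key is what breaks the link, provided the remaining attributes (here visits and country) do not identify anyone on their own.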

Differential privacy

Differential privacy adds carefully calibrated random noise to what is released from a dataset: either to the result of each query (the central model, where a trusted curator holds the raw data) or to each person's own contribution before it is collected (the local model). The noise is large enough to hide any single individual's entry but small enough, once many entries are aggregated, that overall statistics remain accurate. A privacy parameter, usually written ε (epsilon), sets that balance: smaller ε means more noise and stronger privacy.

It's useful in statistical studies where trends need to be understood without accessing personal details.

For example, imagine a survey about how many hours people watch TV each week.

Under local differential privacy, each person's answer is randomised before it is submitted, so nobody, including the survey operator, can tell exactly how long John or Jane watched TV.

Averaged over the whole group, however, the noise largely cancels out, so researchers can still see the typical number of hours everyone watched and understand viewing habits without invading anyone's privacy.

Zero-Knowledge Proofs (ZKP)

Zero-knowledge proofs help verify the truth without exposing sensitive details. This cryptographic approach lets someone prove they know something or meet certain conditions without revealing the actual information behind that proof.

Take Zcash as a real-world example. While Bitcoin publicly displays every transaction detail, Zcash offers shielded transactions built on a class of proofs called zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs). These proofs let the network confirm that a transaction follows all the rules, for instance that the sender actually owns the funds and that no value is created out of nothing, without revealing who sent money, who received it, or how much changed hands.

The technology comes with trade-offs, though.

Generating these proofs demands substantial computing power and memory, which slows down transaction creation and raises costs (verification, by contrast, is cheap, which is what "succinct" refers to). Implementing these systems correctly requires deep expertise in advanced cryptography, and some SNARK constructions additionally depend on a trusted setup ceremony, which keeps many organisations from adopting them despite their benefits.

Trusted Execution Environment (TEE)

TEEs, often called enclaves, are isolated regions that the processor enforces in hardware. Code running inside them, and the data they hold, are shielded from the operating system, the hypervisor and every other piece of software on the machine, including software running with administrator privileges.

TEEs are widely used in high-security applications, such as mobile payments, digital rights management (DRM), and cloud computing.

Consider how companies use TEEs in the cloud: a business can process a sensitive dataset inside an enclave on Azure confidential computing or AWS Nitro Enclaves, and in principle even the cloud provider cannot read the data or observe how it is used. That guarantee rests on remote attestation: before releasing decryption keys to the enclave, the business should verify the attestation evidence proving which code is running inside it and on what hardware; without that check, the "protected" enclave could be running anything.

TEEs do face limitations. Enclave memory is limited and moving data across the enclave boundary is expensive, so they struggle with large or distributed workloads and don't work well for complex calculations spread across multiple systems. Their isolation is also not absolute: several TEE implementations have been shown to be vulnerable to side-channel attacks, so an enclave is best treated as one layer of defence rather than the whole design.

Different TEE implementations often lack standardisation, so there can be compatibility issues and dependence on specific vendors. If the vendor discontinues the product or someone discovers a security flaw, switching to a new solution often proves expensive and complicated.

Obfuscation (Data masking)

Data masking involves replacing or obscuring sensitive data to prevent unauthorised access. 

It replaces sensitive values with fictitious but realistic ones, or hides part of them. For example, a customer's credit card number might be masked as "1234-XXXX-XXXX-5678", showing only the leading and trailing digits that the display actually needs.

In static masking the original values are permanently replaced in the masked copy, so the masked data can't be reversed to reveal them. Dynamic masking instead hides values at query time while the originals remain in the source system, so access control on that source still matters.

Federated learning

Federated learning is a machine learning approach that trains a model across multiple devices or organisations without centralising the data. Each participant trains on its own local data and sends back only model updates (weights or gradients), which a coordinating server averages into a global model. This lets organisations learn from distributed data sources while the raw records stay where they were collected.

For example, NVIDIA's Clara platform uses federated learning to train AI models for medical imaging (e.g., detecting tumours in MRI scans).

Hospitals worldwide contribute model updates from their local datasets to build a global model without sharing patient scans. This approach may be used to classify stroke types and improve cancer diagnosis accuracy.

The updates themselves are not automatically harmless: in some settings a gradient can be inverted to recover the training samples that produced it, so production systems usually combine federated learning with secure aggregation or differential privacy rather than relying on it alone.
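Added example (not NVIDIA Clara's code, nor anything from the page): federated averaging for a tiny linear model across three constructed "hospitals". Each client runs gradient steps on its own rows and returns only its updated weights; the server averages them, weighted by row count, and never sees a row. The last function demonstrates the leakage caveat in the simplest possible case: for a client holding a single row, the gradient it sends reveals that row exactly.

```python
# Constructed local datasets: three "hospitals" each holding a few (feature, outcome)
# pairs generated from the same hidden rule y = 2x + 1, which training should recover.
CLIENTS = {
    "hospital_a": [(0.0, 1.0), (0.25, 1.5), (0.5, 2.0), (0.75, 2.5), (1.0, 3.0)],
    "hospital_b": [(0.1, 1.2), (0.3, 1.6), (0.6, 2.2), (0.9, 2.8)],
    "hospital_c": [(0.2, 1.4), (0.45, 1.9), (0.65, 2.3), (0.85, 2.7), (0.95, 2.9)],
}


def gradient(model, data):
    """Mean-squared-error gradient of y ~ w*x + b over one client's local rows."""
    w, b = model
    n = len(data)
    gw = sum(2 * (w * x + b - y) * x for x, y in data) / n
    gb = sum(2 * (w * x + b - y) for x, y in data) / n
    return gw, gb


def local_train(model, data, lr, steps):
    """Runs on the client: the rows never leave; only the updated weights are returned."""
    w, b = model
    for _ in range(steps):
        gw, gb = gradient((w, b), data)
        w, b = w - lr * gw, b - lr * gb
    return (w, b), len(data)


def federated_average(updates):
    """Server side: weight each client's model by how many rows it trained on."""
    total = sum(n for _, n in updates)
    w = sum(m[0] * n for m, n in updates) / total
    b = sum(m[1] * n for m, n in updates) / total
    return w, b


def run_federated(clients, rounds=100, local_steps=5, lr=0.5):
    """One round = every client trains locally from the current global model, server averages."""
    model = (0.0, 0.0)
    for _ in range(rounds):
        updates = [local_train(model, data, lr, local_steps) for data in clients.values()]
        model = federated_average(updates)
    return model


def recover_single_sample(model, grad):
    """Why raw updates still need protection: with one row, the gradient gives it away.

    gw = 2*err*x and gb = 2*err, so x = gw / gb and y = w*x + b - gb/2."""
    w, b = model
    gw, gb = grad
    if gb == 0:
        return None
    x = gw / gb
    y = w * x + b - gb / 2
    return x, y


if __name__ == "__main__":
    print("global model:", run_federated(CLIENTS))
    leak = gradient((0.0, 0.0), [(0.3, 1.6)])        # a client with one row sends this
    print("recovered row:", recover_single_sample((0.0, 0.0), leak))
```

The recovery trick generalises: gradients of larger models over small batches can still be inverted with optimisation-based attacks, which is why the server should see only an aggregate of many clients' updates (secure aggregation) or updates with calibrated noise added (differential privacy).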

Now that we have explored the various types of PETs, it’s essential to understand the principles that guide their development and use. 

Key principles of PET (+ How to enable them with Matomo) 

PETs are based on several core principles that aim to balance data utility with privacy protection. These principles include:

Data minimisation

Data minimisation is a core PET principle focusing on collecting and retaining only essential data.

Matomo, an open-source web analytics platform, helps organisations to gather insights about their website traffic and user behaviour while prioritising privacy and data protection. 

Recognising the importance of data minimisation, Matomo offers several features that support this principle, including anonymising visitors' IP addresses before they are stored:

Matomo can help anonymize IP addresses for data privacy


7Assets, a fintech company, had been using Google Analytics and Plausible as its web analytics tools.

With Google Analytics, however, it faced unnecessary data tracking, which created legal overhead. Plausible lacked the features for the kind of analysis it wanted.

It switched to Matomo for the balance of privacy and detailed analytics. With Matomo, it had full control over its data collection while also meeting privacy and compliance requirements.

Transparency and User Control

Transparency and user control are important for trust and compliance. 

Matomo enables these principles through:

  • Consent management: integration with consent management platforms (CMPs) such as Cookiebot and Osano for collecting and managing user consent.
  • Respect for Do Not Track settings: honours the browser's Do Not Track preference by default, giving users control over their data.
With Matomo's Do Not Track support, organisations can give users an option not to have their visits tracked


  • Opt-out mechanisms: an opt-out iframe that site owners can embed so visitors can exclude themselves from tracking.

Security and Confidentiality

Security and confidentiality protect sensitive data against inappropriate access. 

Matomo achieves this through:

Purpose Limitation

Purpose limitation means organisations use data solely for the intended purpose and don’t share or sell it to third parties. 

Matomo adheres to this principle by using first-party cookies by default, so no third party is involved in data collection. Matomo offers 100% data ownership: all the data an organisation collects with our web analytics belongs to that organisation, and we don't sell it to any external party.

Compliance with Privacy Regulations

Matomo aligns with global privacy laws such as GDPR, CCPA, HIPAA, LGPD and PECR. Its compliance features include:

  • Configurable data protection: Matomo can be configured to avoid tracking personally identifiable information (PII).
  • Data subject request tools: These provide mechanisms for handling requests like data deletion or access in accordance with legal frameworks.
  • GDPR manager: Matomo provides a GDPR Manager that helps businesses manage compliance by offering features like visitor log deletion and audit trails to support accountability.
GDPR manager by Matomo


Mandarine Academy is a French e-learning company. It found complying with GDPR difficult with Google Analytics and considered GA4 hard to use, so it was looking for a web analytics solution that could give detailed feedback on its site's strengths and friction points while respecting privacy and GDPR compliance. Matomo checked all the boxes.

Data collaboration: A key use case of PETs

One specific area where PETs are particularly useful is data collaboration. Organisations need to combine data for research and innovation, but sharing it between parties puts individuals' privacy at risk.

This is where tools like data clean rooms and walled gardens play a significant role. These use one or more types of PETs (they aren’t PETs themselves) to allow for secure data analysis. 

Walled gardens restrict data access but allow analysis within their platforms. Data clean rooms provide a secure space for data analysis without sharing raw data, often using PETs like encryption. 

Tackling privacy issues with PETs 

Amidst data breaches and privacy concerns, organisations must find ways to protect sensitive information while still getting useful insights from their data. Using PETs is a key step in solving these problems as they help protect data and build customer trust. 

Tools like Matomo help organisations comply with privacy laws while keeping data secure. They also allow individuals to have more control over their personal information, which is why 1 million websites use Matomo.

Besides these features, switching to Matomo is easy:

“We just followed the help guides, and the setup was simple,” said Rob Jones. “When we needed help improving our reporting, the support team responded quickly and solved everything in one step.” 

To experience Matomo, sign up for our 21-day free trial, no credit card details needed. 


Get started with Matomo

A powerful web analytics platform that gives you and your business 100% data ownership and user privacy protection.

No credit card required.

Free forever.
