Introduction to PETs

What are PETs

One of the main goals of this playbook is to describe techniques and technologies for building an appropriate data sharing strategy: one that obtains high utility while protecting the sensitive nature of health data in the context of health data ecosystems. So-called Privacy-Enhancing Technologies (PETs) aim to minimize the use of personal data and maximize data security while maintaining adequate utility. Utility is defined here as the value of the data with regard to its completeness and validity. Disclosing data therefore usually means striking a balance between safeguarding sensitivity and preserving utility. If sensitivity is high, little of the data can be shared, resulting in low validity. Simply sharing the data as-is may yield high utility, but is often prohibited or undesirable for other reasons. The techniques described here will be evaluated on their ability to strike that balance between utility and privacy in the context of a health data ecosystem. PETs form a diverse set of techniques because of their multidisciplinary background and relatively novel character. Four types of PETs will be touched upon. For each category, one or two techniques will be elaborated, examples will be given and relevant resources will be referenced. Many more techniques exist, but providing an exhaustive overview is beyond the scope of this report.

Levels of sensitivity

Before diving into the different branches of PETs, it is important to distinguish the components that together make up the level of sensitivity of health data [1]. These four components need to be taken into account when setting up an appropriate data sharing strategy, and they can be used to assess the different options available.

First, the level of detail of the data and the associated ability to identify a specific individual or subsample of the population. Second, the level of consent or the choices the subjects are given to protect their data (both for primary use and for re-use of their data). Third, the degree to which privacy and security measures are built into data transfer systems or data collection devices. Fourth, the stringency of the applicable legal or policy framework for the collection and sharing of health data.

[1] Jordan, S., Fontaine, C., & Hendricks-Sturrup, R. (2022). Selecting Privacy-Enhancing Technologies for Managing Health Data Use. Frontiers in Public Health, 10.