Blog

The Data Privacy Paradox: Stated Concerns Meet Actual Priorities

6/1/2022

By:Liminal Team

The onus for data privacy preservation has shifted partially toward businesses, but this doesn’t decrease the control of individuals. On the contrary, individuals have greater control of how their information is used, mostly because businesses are accountable for how they store, share, and use data.

Regulations like GDPR, CCPA, and LGPD are forcing businesses to absorb increased responsibility for data security. Along with the changing digital identity landscape, such regulations are the leading driver of privacy-enhancing technology adoption. 60% of large enterprises will be leveraging one or more privacy-enhancing technologies (PETs) by 2025.

While regulations and institutional pressure accelerate adoption of privacy-enhancing technologies, other forces delay deployment. Specifically, implementation costs create financial roadblocks. Our reporting on privacy-enhancing technologies outlines how data privacy strategies and notable PET providers help businesses reconcile costs and risks.

What Are PETs and How Do They Help?

Privacy-enhancing technologies protect data by minimizing personal data use and sharing. The data becomes more secure while individuals gain visibility into (and control over) how their information is consumed. 

PETs fall into two categories:

 

  1. Soft Techniques – Entrust third-parties like big data businesses and data governing agencies to maintain data integrity and privacy. Outline policies and procedures, then leave it to reliable partners to abide by them. Examples include consent management systems and enhanced consumer deletion controls. 
  2. Hard Techniques – Prioritize data minimization and obfuscation to avoid trusting third-parties with data. For example, use homomorphic encryption to protect data in use or enable blockchain-based attribute sharing to limit access by third-parties.

 

Soft and hard PETs all aim to increase data security and privacy. EU data protection authorities have levied $1.2 billion in fines over breaches of GDPR since January 2021. Privacy-enhancing technologies are designed to prevent such penalties for regulatory non-compliance, though there’s still a long way to go to address new risks.

Why Businesses Adopt Privacy-Enhancing Technology

Individuals are increasingly exposed to fraud, data breaches, and misuses of their personal data. Cellular technologies, devices, and networks that service over five billion mobile subscribers across the world also unlock new data streams that provide us with digital identities as unique as a fingerprint. Smartphones have become accurate identifiers of individuals, creating even more opportunities for data misuse. Public awareness of high-profile privacy failures is combined with regulators' powers and willingness to use them - both of these are keeping privacy in the mind of the public.

Regulators pass regulation to mandate data privacy, robust cybersecurity, and protection of children. In turn, strict regulations force businesses to re-evaluate their data management practices. Privacy concerns are especially high in some industries, and investing in PETs is much less costly than the impact of even one data privacy event, which can damage brand equity and spur financial penalties.

Why Businesses Avoid Privacy-Enhancing Technology

Few business leaders deny the importance of data privacy; however, there are competing priorities. Limited capabilities and resources prevent some businesses from adopting PETs in a timely manner. It’s especially difficult to find cost-effective techniques to meet all privacy requirements.

There are many solution providers to meet current market demand, but few do it sufficiently. Most PETs offer similar capabilities and use case coverage. Major players include first-movers with established reputations as well as well-funded newcomers. Some of these vendors are pulling ahead of the pack by eliminating burdensome implementation costs and offering compliance support with reduced technical complexity.

Effective adoption of PETs involves selecting techniques to satisfy specific use cases. Businesses that choose appropriate methods and providers receive the benefits they need without unnecessary costs. Our member-exclusive reporting on privacy-enhancing technologies maps data protection needs to specific providers.

 

The Data Privacy Paradox Stated Concerns Meet Actual Priorities

Types of PETs

The global data privacy software market size is expected to reach $17.8 billion by 2028. The market landscape will continue to change along with the state of consumer identity and privacy. For now, vendors typically operate on a tiered subscription basis based on factors such as number of licenses, platform utilization, and data volume. 

Common data privacy and security methods include the following:

  • Homomorphic Encryption 
    • Addresses challenge of unnecessary data sharing with processors 
    • Encrypts data to be used in mathematical operations without decryption
    • Enables new services by removing privacy barriers inhibiting data sharing or increases security to existing services
    • Commonly adopted for medical research and analysis to retain compliance with patient privacy laws
  • Differential Privacy
    • Addresses challenge of data misuse and de-identification
    • Enables sharing of information about patterns in a dataset, but withholding information about individuals
    • Can be used with synthetic data (i.e.,  fake data that has the same statistical utility of the original dataset, but contains no real identifying data)
  • Federated Learning
    • Addresses challenge of device data localization
    • Essentially the decentralized version of machine learning
    • Enables collaborative training of an algorithm by decentralized edge devices with local data, without sharing the data
  • Pseudonymization
    • Addresses challenge of data integrity and security
    • Replaces identifying data fields with artificial identifiers to preserve data utility while prioritizing data privacy
    • Does allow data restoration and re-identification, but addresses the GDPR’s requirement for strong technical and organizational safeguards
  • Zero-knowledge Protocols
    • Addresses challenge of account takeover and brute force password fraud for authentication purposes
    • Verifies the truth of statements without revealing additional information or underlying data
    • Eliminates passwords and reduces the likelihood of account takeover 

 

As service providers contribute more to online privacy, businesses realize previously aspirational privacy goals. Access member-exclusive reporting for more detailed descriptions of these five data privacy techniques and the challenges they address.

Matching PETs to Use Cases

There are dozens of notable companies in the privacy market. Each has its own focus area, ranging from homomorphic encryption to data de-identification. Some specialize in providing encrypted data access for specific industries like fintech and healthcare.

Unfortunately, many of the most notable players in the PET market struggle to demonstrate tangible impact. Because data protection is difficult to demonstrate, some business leaders see little reason to tolerate costly and technically difficult implementations. For privacy-enhancing technologies to become fully mainstream, vendors must demonstrate how they can avoid the consequences of maintaining the status quo, reduce regulatory and legal risk, and create meaningful privacy interactions for consumers. 

Which PET Is Right?

Businesses can’t afford not to invest in privacy-enhancing technology, but can’t afford to spend frivolously. The best PET provider for protected data analysis might not be the best option for privacy compliance or data localization. It takes some knowledge of the data privacy landscape to make an informed selection.

 

To learn more about all of the key players, contact Liminal for a full report on the PET market.

Subscribe to the
Liminal Newsletter

Stay updated with the latest news, data and insights from Liminal

explore more
Private Equity Due Diligence Jumio $150M

Case Study

Private Equity Due Diligence: Jumio Raises $150M to Fuel Automation

Research on Transaction Fraud Prevention in E-Commerce

Articles

Merchants Prioritize Customer Experience Over Effective Fraud Prevention Despite Significant Concern for AI-Enabled Fraud Attacks in Digital Transactions

Filter by Content Type
Select all
Research
Podcasts
Articles
Case Study
Videos
Filter by Category
Select all
Customer Onboarding
Cybersecurity
Fraud and Risk
Go-to-Market
Growth Strategy
Identity Management
Landscape
Market Intelligence
News
Transaction Services