Privacy Technology: What's Next? privacy tech report

Privacy Technology: What's Next? privacy tech report

Practical application of data privacy technology is an urgent task in order to manage consumer data generated by the widespread use of smartphones and social media and the large-scale shift to online shopping. In addition, emerging privacy-enhancing technologies, next-generation privacy portals, and other features to address today's data challenges are helping companies make the switch to better data management practices.

This report is a report (Japanese version) on privacy technology (PrivacyTech) that was jointly created by KPMG International and OneTrust in the United States. We will consider the stricter personal information protection regulations in each country, including GDPR, and privacy tech that responds to consumer awareness.

Background of DX acceleration in the privacy field

Currently, more than 100 countries have laws and regulations related to personal information protection, such as GDPR, but in addition to global regulations, online tracking and advertising, data sharing without consent, and fatal data breaches The need for an integrated approach to privacy compliance is increasing in all corporate activities, partly due to consumer backlash against such.

As such, companies have had to move from inefficient manual processes to automated ones, leading to an explosion of privacy tech over the last few years.

Key Areas in the Transition to Privacy Tech

Process Orchestration

Process orchestration is the standardization of processes to improve operations and increase efficiency. Process orchestration also includes automation, which enables companies to consistently complete and continuously improve tasks and processes while reducing time, costs and resources. It becomes possible.

Personal Data ManagementPrivacy

Tech's solutions improve personal data management and record keeping with speed, accuracy and efficiency. Solutions that offer automated data discovery also enable us to locate personal data and effectively respond to user requests. PrivacyTech solutions can also be applied to meet additional data protection requirements through encryption, masking and automated access control.

In order to get an integrated view of GRC (Governance, Risk and Compliance)

risks, companies are moving towards integrated GRC or integrated risk management, where risk types include technology, operations, privacy, etc. increase. For enhanced privacy, process orchestration and GRC management processes will be integrated with PrivacyTech in the future, enabling comprehensive privacy risk management. In the near future, data-driven GRCs that generate real-time insights will become the norm, transforming how privacy risks are understood and managed.

Privacy risks hidden in existing technologies

IoT, 5G and Edge

Computing The proliferation of IoT, 5G and edge computing will allow us to collect a rich digital footprint with more and more data points, thus raising new concerns such as personal data exfiltration.

Artificial Intelligence (AI)

As AI and machine learning capabilities advance, businesses will seek to inform consumers about how they are using data to drive business insights and automated decision-making. must be provided.

Virtual reality (VR) and augmented reality (AR)

biometric data collection and constant data from user-facing applications may be used and appropriate privacy considerations are required.

Social Networking, Collaboration and Technology

With repeated data breaches, potential misuse of profile data, and security concerns, users are becoming increasingly concerned about the privacy implications of social networks and related technologies, and are seeking safer systems. I expect

Healthcare technology

With the increasing use of IoT in the development of home medical devices, sensitive personal data can become an issue.

Stricter national regulations and privacy tech

Like the Data Protection Directive 95/46/EC, the GDPR laid the groundwork for global privacy regulation, forcing companies to reassess their privacy compliance posture and move to higher standards. .

But this is just the beginning of regulatory change, and many countries, including China, Brazil, Thailand, and India, are also following the GDPR and moving to enact regulations.

While tightening privacy regulations bring benefits, the sheer number of potential regulatory changes will place a heavy burden on businesses to keep track of, understand, and meet their requirements.

Helpful techniques for using customer data

Regulations such as the GDPR say that data protection principles do not apply to anonymous information, but companies should ensure that anonymization does not really allow the possibility of re-identifying an individual. I have to.

We will introduce useful technologies when you need to share large data sets (aggregates of data) containing personal information.

It attempts to manage privacy risks when sharing differential privacy data. Adds a layer of "statistical noise" within the dataset that makes it impossible to determine whether each individual datum was part of the original dataset, preserving privacy while still being able to read about patterns in each population. will do so. It also allows privacy to be quantified and understood in terms of cumulative risk, with the idea of ​​setting a "privacy budget" beyond which queries will lead to the identification of individuals within that data set. To do.

Create new datasets that are different from the original data using synthetic data machine learning. Although the new dataset does not contain personal data, it retains some similarity to the original dataset, allowing for wider data sharing.

Other privacy tech

Next-generation automated

AI that utilizes AI will play a certain role in the future of privacy tech. AI, which is the basis of all operations and a barrier against unethical data handling, can also be used to enhance automation of privacy protection. From vendor management to cookie and consent monitoring to data management, AI works within privacy compliance tools to complete human tasks faster and more accurately within ethical boundaries.

When introducing AI, care must be taken to ensure ethical and safe methods.

Next-generation privacy portal

What do users expect when they want to know how their personal data is being used or exercise their rights as a data subject?

Next-generation privacy portals allow users to know exactly which fields of personal data are being used by each company, provide a visible dashboard as data is shared, and provide enhanced data usage. A means of control will be possible.

Privacy Enhancement Technologies (PETs)

PETs are a game-changer for the future of privacy tech, minimizing the use of personal data, maximizing data security, and allowing individuals to protect their own privacy rights. It is said that we will realize a mechanism that can be done. The advantage of PETs is that they enable data analysis while protecting the underlying personal data. It's changing day by day.

Data access control

It often happens that personal data such as e-mail address and location information is generated simply by visiting a website, and data is collected and stored without the user's understanding or consent. Based on this situation, multifaceted and dynamic access control models have been proposed, and in these data access control models, the concept of purpose of use is important in terms of what kind of access rights are granted. , identify the intended use of personal data in line with the purpose of access to the specified data elements. In addition, we can support compliance confirmation and explicit access prohibition related to the purpose of use.

What about data ethics?

The ever increasing sophistication of data collection increases the potential for violations of the ethical collection, processing and management of personal data. Ethics will be especially important in the future of privacy tech. Adequate planning of “privacy by design” and adherence to ethical principles that broadly consider social impacts are required.

Future prospects

Before considering a PrivacyTech solution, it's important to assess the "now" and identify your requirements.

Identify the specific needs that the solution must address, consider manual processes that can be automated while considering technical specifications, and define what the solution should deliver now and in the future.

Desirable characteristics of a solution include ease of use, mix of available products and services, and long-term sustainability that allows it to grow with the organization in a changing technological and regulatory environment.