The Eyes-Off Data Summit 2023, hosted by Oblivious in Dublin, was a community event that brought together key players in the Privacy-Enhancing Technologies (PETs) space. Stakeholders from across the field gathered to address pressing data privacy issues in an era of rapid technological advancement, including artificial intelligence (AI).
With the adoption of PETs on the rise, this event aimed to bridge the gap between legal, technical, and ethical considerations, fostering collaboration across various domains.
Read on to discover key perspectives, discussions, and insights from the conversations at the summit dedicated to advancing PETs in the modern era.
What’s Wrong With the Status Quo?
In today’s digital world, we have an abundance of data, yet only around 1% of it is analysed and used for collaborative purposes, according to a 2015 McKinsey study. Most data remains locked away in organisational silos, and privacy concerns prevent data scientists and companies from utilising it.
PETs present a promising opportunity to unlock this data’s potential while maintaining privacy. Although tech giants like Intel, Amazon, and Microsoft have invested heavily in PETs and privacy-safeguarding infrastructure, practical implementation lags due to a lack of tooling and integration into everyday workflows.
To address these challenges, the Eyes-Off Data Summit 2023 brought together experts, regulators, researchers, and innovators from across the globe to share their perspectives and discuss the potential of Privacy-Enhancing Technologies (PETs).
This article will give you an overview of the key highlights, offering a virtual seat at the table where these exciting conversations happened.
Different Perspectives and Highlights
Katharina Koerner (Tech Diplomacy Network)
Katharina Koerner focused on the regulatory landscape for privacy-enhancing technologies and highlighted unclear anonymisation guidelines and lack of standards as challenges.
She emphasised that the law, including security principles mandated by regulations like GDPR, remains technology-neutral. While past best practices were once sufficient, recent technological advancements create a pressing need to adopt new solutions such as PETs.
Reza Shokri (National University of Singapore)
Reza Shokri joined us remotely to shed light on auditing data privacy in machine learning systems. He emphasised the challenges of indirect privacy risks in machine learning, where the output of a model could inadvertently reveal sensitive information.
Shokri showcased his work on the ML Privacy Meter, an auditing tool that supports regulatory compliance by providing a systematic method to audit data privacy across a wide range of machine learning algorithms, with precise measurement of the privacy-utility trade-off.
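To give a flavour of what such an audit measures, here is a minimal sketch of a loss-threshold membership-inference test, the kind of attack that auditing tools like the ML Privacy Meter systematise (this is an illustrative toy, not the tool's actual API; the loss values are hypothetical):

```python
# Sketch of a loss-threshold membership-inference audit: a model that
# memorises its training data tends to have lower loss on members,
# which an attacker can exploit to guess who was in the training set.

def membership_attack_accuracy(member_losses, nonmember_losses, threshold):
    """Guess 'member' when the loss is below the threshold; return the
    attack's overall accuracy (0.5 means no measurable leakage)."""
    correct = sum(l < threshold for l in member_losses)       # true positives
    correct += sum(l >= threshold for l in nonmember_losses)  # true negatives
    return correct / (len(member_losses) + len(nonmember_losses))

# Hypothetical per-example losses: training examples have lower loss.
train_losses = [0.05, 0.10, 0.08, 0.20, 0.12]
test_losses = [0.90, 0.70, 1.10, 0.40, 0.85]

acc = membership_attack_accuracy(train_losses, test_losses, threshold=0.3)
```

An attack accuracy well above 0.5 signals that the model leaks membership information; a real audit repeats this over many attack strategies and reports the worst case.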
Stefano Braghin (IBM Research)
Stefano Braghin presented a pragmatic view of PETs in regulated environments, emphasising the need for a balance between data security and usability. He explored the challenges of standardisation in the PETs space and identified potential privacy vulnerabilities at various stages of data processing.
The Future of SaaS Panel
In this panel, representatives from organisations such as OECD, Oblivious, Microsoft, Intel, and Engenuitee Labs explored the importance of trust in SaaS providers.
The panellists highlighted PETs as essential tools to build a bridge of trust between users and providers. They addressed the challenges of ensuring privacy in large SaaS providers with thousands of users and advocated for the adoption of PETs to enhance security.
Fireside Talk: Insights from the Data Protection Commission (DPC)
Ultan O’Carroll from DPC provided the regulator’s perspective on the effectiveness of the General Data Protection Regulation (GDPR) after five years of implementation.
He highlighted the need for certification schemes to guarantee compliance and pointed out common mistakes made by organisations, including not following data privacy policies and privacy washing. The talk also touched on data sharing between the US and the EU, noting that recent developments must still stand the test of time to prove effective.
Panel: Exploring PETs with Data Protection Guidelines
This panel, led by Paul Comerford (ICO UK) and moderated by Shane McNamee (Mastercard) and June Brawner (Royal Society), recognised collaborative efforts and standardised practices as key to driving widespread adoption.
The panellists emphasised the need for technical tools, such as Reza Shokri’s Privacy Meter, to balance privacy and utility effectively. They also touched on the significance of good standards and the role of PETs in long-term data retention with regard to GDPR’s storage limitation principle.
Panel: Ethics & GDPR in Privacy-Preserving Data Science
The panel, moderated by Dave Buckley and featuring speakers Carlo Salizzo, Konrad Kollnig, and Adrian Byrne, highlighted the need for a shared vocabulary, especially between lawyers and technologists, when implementing privacy measures like anonymisation.
The discussion delved into the potential for reinforcing biases through increasing privacy and anonymisation, and the importance of proving the fairness and accountability of AI models.
Ronald Jansen (UN) & Steve MacFeely (WHO)
Ronald Jansen highlighted the UN as an early adopter of PETs, recognising their value in facilitating data sharing among countries and organisations. The speakers discussed how restricted data access can hold back positive social change, as privacy concerns sometimes hinder the work of organisations like the WHO.
The speakers acknowledged the challenges of balancing data movement in a modern economy while protecting individual privacy.
Panel: “Eyes-Off Data Science”
Day 2 of the event opened with Jack Fitzsimons, Dave Buckley, Mike Fenton, Simon Gallagher, Raphaël de Fondeville, and Owen Daniel discussing “eyes-off data science”: analysing data without ever viewing it directly. The panel explored how data scientists can leverage data sources to which they have extremely limited access.
The speakers addressed the skills gap in eyes-off data science and the importance of simplifying PETs implementation, providing education about available tools, and making adoption an enjoyable experience.
Fireside Talk: Salil Vadhan (Harvard and OpenDP)
Salil Vadhan provided comprehensive insights into the goals of Differential Privacy, widely regarded as the gold standard for privacy protection, which works by injecting random noise so that any individual’s presence in the data becomes statistically indistinguishable to attackers.
After the talk, Owen Daniel from ONS UK facilitated a Q&A session between Salil and the audience. A key topic was the delicate balance between utility and privacy when using Differential Privacy.
Salil stressed the importance of transparency in how epsilon is chosen and of understanding the implications of deviating from recommended values. He cited the example of the US Census using an epsilon of 19.61 instead of the commonly recommended value of around 1, prioritising utility over privacy.
To encourage the widespread adoption of DP, the room agreed that there is a need for user-friendly tools, as data scientists shouldn’t have to become experts in DP to utilise it effectively.
Reporting on the PETs Reports
This panel session brought together authors of PETs reports in recent years. Katharina Koerner moderated this session, and the panellists were June Brawner from the Royal Society, Christian Reimsbach-Kounatze from the OECD, Dave Buckley from the CDEI, and Robert Pisarczyk from Oblivious.
The group first discussed various meanings of PETs in context with their reports, before leading into the obstacles and barriers to PETs adoption. It was interesting to see the various interpretations of traditional and emerging PETs and how they can reduce the threats typically associated with collaboration. The panellists then also spoke on increasing our trust in PETs.
AI Models and the Danger They Pose to Data Privacy
Ali Rizvi moderated the talk, and speakers Vid Kocijan, Maximilian Ahrens, Meelis Lootus, and Ciarán Hickey underscored that until now, there has been limited focus on preserving privacy in LLMs.
The panel noted that even seemingly harmless data points can be exploited to reveal sensitive information. The speakers highlighted that Differential Privacy involves more than the utility-privacy trade-off; it also raises concerns about bias.
Introducing noise to protect privacy can lead AI systems to pick up superficial stereotypes, making bias mitigation methods essential. However, the speakers recognised that adding noise to text remains a technical challenge, one they hope will be solved.
Community Building with PETs
A workshop with Thu Vu, Ali Rizvi and Robert Pisarczyk focused on creating, maintaining and growing a sustainable data science community. Thu Vu, who has her own popular YouTube channel, has been instrumental in democratising complex data science concepts and making them more accessible.
Their session also focused on the real-world challenges community builders often face, and ended on the importance of a proactive and persistent approach to create a thriving community around data science.
Balancing The Needs of Multidisciplinary Stakeholders
The summit progressed with a panel on bringing together an array of multidisciplinary stakeholders. Panellists Hema Krishnamurthy, Owen Daniel from ONS UK, Gary Leyden from InsTech, and Patrick Palmer from AWS scrutinised the risks and rewards associated with data privacy, emphasising a common language as the bedrock for effectively implementing Privacy-Enhancing Technologies (PETs).
Privacy-By-Design: Building Privacy into Products and Services
The Privacy-By-Design panel emphasised integrating privacy considerations from early product development stages to foster user trust and prevent costly future changes.
Panellists Hema Krishnamurthy, Shane McNamee, and Adrian Byrne highlighted the role of privacy in enhancing user experience across various sectors and technologies, as well as the opportunities privacy-by-design offers for protecting against bias.
Privacy in the Age of Digital Health
In this panel session, Meelis Lootus from IEEE/ML technologies, Ajay Oza from HPSE, and June Brawner from The Royal Society examined the challenges and opportunities presented by digital health technologies.
While digital health advancements offer enormous potential, the critical task is to ensure that these technologies are deployed responsibly, maintaining patient privacy and building trust.
Championing Differential Privacy within the Swiss Federal Administration
Speakers Raphaël de Fondeville and Pauline Maury-Laribière spoke on why differential privacy, a mathematical concept that ensures the privacy of individuals when analysing large datasets, is important for statistical work.
It adds statistical noise to the results, so that an individual’s information cannot be reverse-engineered. Pauline then followed with a live demonstration to show how this would work, and the two also spoke on their aim to be a model for responsible data utilisation and privacy preservation.
Getting Hands-On
The Eyes-Off Data Summit in Dublin wasn’t just about talks and theory. On the second day, we had a technical track dedicated to exploring the nuances of specific PETs, from their operational mechanisms to their practical implications.
Industry experts led participants through live demos of PETs and their application in real-world scenarios.
Hazy’s CEO Harry Keen gave a demo and overview of synthetic data. Hazy’s platform generates synthetic versions of real data that carry no personally identifiable information and therefore fall outside GDPR restrictions, facilitating easier data sharing and usage while maintaining customer privacy.
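The core idea behind synthetic data can be sketched in a few lines: fit a statistical model to the real records, then sample fresh records from the model rather than releasing the originals. The toy below fits independent per-column Gaussians, which is far simpler than what production platforms like Hazy do (they also capture cross-column correlations), and the “real” rows are invented for illustration:

```python
import random
import statistics

def fit_marginals(rows):
    """Estimate the mean and standard deviation of each numeric column."""
    cols = list(zip(*rows))
    return [(statistics.mean(c), statistics.stdev(c)) for c in cols]

def sample_synthetic(marginals, n):
    """Draw n synthetic rows from the fitted per-column Gaussians.
    Sampling columns independently drops correlations between them;
    real platforms model those relationships as well."""
    return [[random.gauss(mu, sd) for mu, sd in marginals] for _ in range(n)]

# Hypothetical 'real' data: (age, income) pairs.
real = [[34, 52000], [41, 61000], [29, 48000], [55, 75000]]
synthetic = sample_synthetic(fit_marginals(real), n=10)
```

The synthetic rows preserve aggregate statistics (means, spreads) while no row corresponds to a real individual, which is what makes sharing them less risky than sharing the source data.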
Nicolas Grislain from Sarus provided insights into the remote execution of differentially private queries, a technique that allows data to be utilised without being shared. Data scientists send their code through a secure interface, preserving anonymity while keeping the experience seamless.
The next demo was presented by Naoise Holohan from IBM Research, who spoke on the key idea of differential privacy being to “blur” the data, with the use of Python, Numpy and SciKit Learn.
Manuel Capel from Inpher then presented Cryptographic Secret Computing, highlighting their XOR SaaS platform, which combines, queries, analyses, and accesses confidential data for AI.
The intricacies of Homomorphic Encryption were covered by Kyoohyung (Kay) Han of Samsung SDS, and Joseph Wilson and Florent Michel of Optalysys. The latter spoke on how to compute securely with Fully Homomorphic Encryption and demonstrated such a computation in practice.
Data Privacy and PETs Adoption
During the summit, we discussed the challenges surrounding data privacy and PETs adoption, including unclear guidelines, varying terminologies across jurisdictions, and technical implementation challenges, all of which hinder standardised PETs adoption. The community is encouraging organisations to invest in PETs to enhance data security and build trust, while regulators are urged to introduce privacy-friendly regulations that enable PETs integration.
The summit emphasised the need for user-friendly technologies that enable easy implementation of PETs on a larger scale, integrating them into current workflows.