With the increasing dependence on digitalization in our lives, the protection of personal data has become a mandatory measure for virtually all companies.
The importance of care in data processing was furthered in Brazil with the establishment of specific regulation under the General Data Protection Law – LGPD.
This vision of a necessary incorporation of privacy and personal data protection in all projects developed by a company is better known as Privacy by Design.
It can be explained as the perception that privacy and data protection should be ensured from the creation of a project and operation of a business, going beyond technological limits to impact operations themselves, as well as the company’s management and work structures, physical spaces, and infrastructure network.
In Brazil, this concept was supported through Paragraph 2 of Article 46 of LGPD, where the idea was established that the regular processing of data and the protection of information should be carried out since the creation of any business, ensuring the privacy of personal data from its inception and throughout the life cycle of that solution.
In order to guarantee the effectiveness of this protection, we have Privacy-Enhancing Technologies or PETs, consisting of combinations of a string of tools, applications, and mechanisms that, when integrated with online services, mitigate or eliminate the actual possession of personal or sensitive data without losing the functionality expected for that data.
Through these privacy enhancement technologies, data is used that makes sense from a computational standpoint, but is completely disposable and useless as isolated information if it is used outside the company’s solution environment, such as in a data leakage situation.
As an illustration, we can refer to Homomorphic Encryption, which uses cryptographic methods enabling the use and processing of data even if it is unreadable and encrypted; in turn, Differential Privacy allows the extraction of statistics from a dataset without revealing user identity; while Anonymization or Tokenization methods add layers of security in the collection, processing, and storage of a given datum.
It is evident that the use of PETs fulfills the anonymization requirements set forth in LGPD and, therefore, helps much more effectively in meeting the demands of society in relation to privacy, since through these tools and conduct it is possible to ensure that even in cases of data leaks, the leaked information proves to be of no commercial value, which discourages the dissemination and does not compromise the identity of customers and subjects who hold such data.
Needless to say, Privacy Enhancement Technologies alone are not able to make a company immune to attacks and security threats, rather, they should be implemented in addition to the awareness-raising of employees in the data processing guidelines, thus acting on the synergy of technological tools and human behaviors that contribute to the effective mitigation of risks.
References:
BRASIL. Lei nº 13.709, de 14 de agosto de 2018. Lei Geral de Proteção de Dados Pessoais (LGPD). Brasília, DF: Presidência da República, [2020]. Available at: https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm. Accessed on: July 11, 2024.
Ciência da informação e privacy by design: aspectos éticos e possibilidades de pesquisa. Logeion: Filosofia da Informação, Rio de Janeiro, RJ, v. 9, n. 2, p. 124–143, 2023. DOI: 10.21728/logeion.2023v9n2.p124-143. Available at: https://revista.ibict.br/fiinf/article/view/6099. Accessed on: July 12, 2024.
PET’s: uma resposta estratégica contra riscos. Privacy tools, 2024. Available at: https://www.privacytools.com.br/pets-uma-resposta-estrategica-contra-riscos/. Accessed on: July 12, 2024.
OECD (2023), “Emerging privacy-enhancing technologies: Current regulatory and policy approaches,” OECD Digital Economy Papers, No. 351, OECD Publishing, Paris, Available at: https://doi.org/10.1787/bf121be4-en. Accessed on: July 12, 2024.
Privacy-Enhancing Technologies (PETs): mitigação de riscos regulatórios e estratégia de negócios digitais. Linkedin, 2024. Available at: https://www.linkedin.com/pulse/privacy-enhancing-technologies-pets-mitiga%C3%A7%C3%A3o-de-riscos/#_ftn1. Accessed on: July 11, 2024.
Autor: Lucas Rodrigues Lucas • email: lucas.lucas@ernestoborges.com.br