According to the UnivDatos, rising data privacy regulations, growing cybersecurity threats, expansion of AI & machine learning, increasing demand for secure data sharing, growth in cloud computing & edge computing, adoption of homomorphic encryption & secure computation, surging investment in fintech & healthcare drive the privacy enhancing technologies market. As per their “Privacy Enhancing Technologies Market” report, the global market was valued at USD 2.45 Billion in 2023, growing at a CAGR of about 25% during the forecast period from 2024 - 2032 to reach USD Billion by 2032.

Introduction

With the increased focus on privacy in today’s society especially in the era of the Fourth Industrial Revolution, PETs are being developed and adopted at an increased rate. Homomorphic encryption, ZKP, secure MPC, and differential privacy are some of these technologies that are gradually crucial for businesses to have secure data processing and legally acceptable data processing by the various stringent data protection laws across the world. Going by these future trends, governments are putting in place strict measures on the use of personal data, containing and fighting cyber threats together with ethically using AI in organizations are calling into forcing organizations to factor the use of PETs into their security standards. This paper aims to identify and discuss some of the major legal systems affecting the PETs market and their effects on related industries and companies around the world.

PET Trends in Europe

The European Union – General Data Protection Regulation (GDPR)

The GDPR which was adopted in 2018 is one of the most stringent global legislation protecting the privacy of personal data. GDPR demands the user’s consent, proper data encryption, and erasure rights that force organizations to leverage PETs to work with sensitive data safely.

In February 2024, the European Parliament amended this regulation, manifesting the EU Digital Identity Wallet, a cross-border interoperable identity and credential infrastructure centred around selective disclosures and unlinkability. For electronic attestation of attributes, the European Telecommunications Standards Institute (ETSI), an independent standard-setting organisation, has examined the efficacy of a variety of signature schemes, credential formats and zero-knowledge proofs and recommends the use of ISO mDL and/ or SD-JWT for eIDAS2 compliance. At the same time, ETSI recognised that other organisations may benefit from the use of non-approved technologies, such as the BBS signature scheme, as well as those protocols developed with specific use cases in mind (e.g.- zk-SNARK for blockchain-based cryptocurrencies).

United Kingdom (UK)

In 2023, the ICO released guidance on PETs to provide Data Protection Officers and researchers with a holistic and comprehensive view of Homomorphic Encryption, SMPC, ZKP, Federated Learning, Synthetic Data, TEE, and Differential Privacy. The associated risks and benefits accompanying each PET are examined in the report. In addition to the aforementioned PETs, the report recommends establishing access controls and monitoring, carrying out data protection impact assessments, and auditing to comply with the UK GDPR and sectoral laws.

Access sample report (including graphs, charts, and figures) - https://univdatos.com/reports/privacy-enhancing-technologies-market?popup=report-enquiry

PET Trends in North America

United States – CCPA, CPRA & Federal Regulations

It is legal due to the rules triggered by the California Consumer Privacy Act (CCPA) since 2020 with the further advancement of the California Privacy Rights Act (CPRA) in 2023. These laws offer consumers additional powers of data access, deletion, and the right to opt-out as far as their records are concerned.

At the federal level, one of the institutes that have focused on the development of privacy-preserving cryptography is the National Institute of Standards and Technology (NIST). Also, there are proposed legislations such as the American Data Privacy and Protection Act (ADPPA) which is an effort to ensure that other federal laws are put in place and in sync with the international initiatives that support PET adoption.

India – Digital Personal Data Protection Act (DPDP Act)

India enacted the DPDPA in August 2023, which heralded a new era for Data Principals to be in control of what data is being collected and processed by entities. The SPDI Rules are set to be replaced by the DPDPA, which expands the scope of regulating data processing activities. To elaborate, while the SPDI Rules’ scope is limited to governing sensitive personal data, the DPDPA governs the processing of all kinds of personal data. Further, the SPDI Rules were critiqued for being a well-intentioned yet toothless regulation, as they lacked a robust enforcement mechanism. On the other hand, violating DPDPA compliance requirements attracts hefty penalties.

Japan – Act on the Protection of Personal Information (APPI)

The Personal Information Protection Commission Secretariat (PIPCS) of Japan has released a report to assist accredited organizations in setting policies and standards while handling and creating anonymously processed data.

In terms of sectoral guidance, the Bank of Japan’s 2023 report explores the benefits of utilizing PETs in digital currencies. The report proposes PETs including k-anonymity, Differential Privacy, and Trusted Execution Environment (TEE) for securing digital payments. It also suggests using homomorphic encryption in combination with secret computation to add layers of safeguards while handling bank customers’ data.

Japan’s Act on the Protection of Personal Information or APPI has undergone an amendment in 2022 that broadens the users’ rights and tightens the breach notification rules. The legislation enables the free flow of data across national borders but at the same time challenges organizations to ensure they use PETs in handling data securely. To address APPI and gain consumers’ trust, companies in Japan are implementing privacy-preserving AI and blockchain-based security models. 

Other global rules that affect the adoption of PET include:

Country

Regulations

Australia – Privacy Act (Under Revision, 2024)

The Office of the Australian Information Commissioner (OAIC) is the key regulatory authority in Australia that provides guidance on privacy and information rights. The OAIC, in its 2021 consultation paper on the National Health Privacy Rules, has noted the merit of utilizing PETs. From a sectoral perspective, the PET advancement within the Australian healthcare ecosystem has enabled “large human service datasets from multiple different sources to be linked together to produce insights while preserving the privacy of individual subjects.

Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)

Regulatory guidance surrounding PETs in Canada is primarily offered by the Office of the Privacy Commissioner (OPC) and Canada’s federal data privacy legislation titled the Personal Information Protection and Electronic Documents Act (PIPEDA).

South Korea – Personal Information Protection Act (PIPA)

South Korea enacted the Personal Information Protection Act (PIPA) in 2011 and recently amended it in 2023. It regulates any entities that collect, use, disclose, and process personal data. These regulations have prescribed the use of PETs to ensure data security and privacy throughout the lifecycle of personal data. The Act requires personal information controllers to take necessary steps, such as encryption, to process personally identifiable information

Conclusion

With the growing legalization of data privacy all over the world, Privacy Enhancing Technologies or PETs are now considered indispensable to business organizations that deal with the data of consumers. Regulations require that organizations that gather this information should follow regional and international data protection laws; organizations must embrace a privacy-first approach and adopt cryptographic technologies. In the future, more changes in the regulations will affect the PETs market and help boost development in the proven AI privacy-preserving technology, confidential computing technology, and secure data-sharing infrastructure. The firms that adopt PETs will not only be on the right side of the law but also the right side of the firm, there is a shift to the privacy-first economy.

Contact Us:

UnivDatos

Email - contact@univdatos.com

Website - www.univdatos.com