40 Years of Privacy Technologies
Lessons learned and the future
The sixth in the 2025 programme of TDL webinars took place on Thursday, 24 April when a group of distinguished subject matter experts sought to understand the lessons learned from 40 years of privacy technologies. The session covered the evolution of privacy technologies, the challenges of implementing privacy regulations, and the differences in privacy views between the United States and Europe. The discussion concluded with reflections on balancing privacy and user freedom in smart devices and AI, emphasising the need for smart regulations and transparency in data usage.
Background
Concerns for user privacy materialised simultaneously with the development of the electronic systems containing personally identifiable information. From early technologies, focusing on re-identification to reliance on encryption, to today's sophisticated device and data-adjusted toolbox, many lessons have been learned.
Some of the issues arising include:
The evolution of privacy technologies. Which approaches were important and made a difference (directional or practical), and which approaches didn’t live up to their promise. Data protection was considered as part of privacy topics for this discussion.
The role of the regulatory and legal frameworks in supporting or hindering the deployment of promising privacy techniques. Was the adoption of viable technologies helped by regulations? Is the translation between privacy principles (e.g., privacy by design) and technology solutions possible?
Privacy and AI. With the rapid deployment of various AI solutions, what will change for privacy? Will the widespread use of LLMs affect the key concepts in privacy, approaches to privacy technology and regulation? What are the main challenges for privacy in the current computing environment?
Future of privacy. How should we envision the future of privacy? What new technologies should be anticipated? What are the new challenges? Is the outlook generally positive, negative or somewhere in between?
The Speakers
Moderated by TDL Strategic Advisor, Claire Vishik, the speakers were:
· Ro Cammarota, Senior Principal Engineer and Chief Scientist, Privacy-Enhanced Computing Research, Intel Labs
· Aggelos Kiayias, Chair in Cyber Security and Privacy, The University of Edinburgh
· Mikołaj Rogowski, Director of Global Privacy, Arcadis; Adjunct Professor, Munich Intellectual Property Law Center (MIPLC)
· Bruce Stuckman, Founder, CEO, Texas Technology Ventures
Evolution of Privacy Technologies
The importance of cryptographic technologies was discussed, from the evolution of privacy technologies to the point where approaches are difficult to implement. For example, multi-party secure computation or homomorphic encryption moved from being exclusively topics of research to creating broadly available libraries to facilitate commercial development. The panel agreed on the need for more practical and effective privacy technologies, with a focus on their application in various industries that have clear benefits and that are transparent and measurable. In this context, differential privacy was mentioned.
Privacy vs Performance and Other Trade-Offs
Inevitable trade-offs between privacy and performance in systems were touched upon. The implementation of strong privacy protections often results in some degradation of performance. It was suggested that companies need to justify the importance of privacy to their stakeholders, making privacy one of the differentiators. Taking a perspective on privacy technologies from a compliance standpoint, there was disappointment at the level of coordination between the evolution of technology and legal/regulatory frameworks, with an emphasis laid on fostering trust in the industry with the further suggestion that regulators could play a role in bolstering this trust.
Privacy Differences Between the US and Europe
A discussion ensued on the differences in privacy views between the United States and Europe, highlighting the EU's Charter of Fundamental Rights which established data protection and privacy as fundamental rights. It was noted that the United States lacks a similar consistent framework, with privacy laws varying by state. Observing that the complexity of privacy laws in the US compared to the EU's standardised approach, it was suggested that historical experiences, such as the Second World War and its aftermath, have made privacy a crucial aspect of European societies. Added to which people's attitudes towards technology and privacy are influenced by the perceived benefits and risks; and that trust in systems and entities is key to sharing information.
Balancing Privacy and System Functionality
The team discussed the challenges of translating privacy regulations into specific technologies. They agreed that collaboration between different disciplines is necessary to achieve a balance between privacy protection and system functionality. The panellists highlighted the difficulty of creating regulations that are unambiguously translatable and the need for specific recommendations from regulators. They also acknowledged the importance of considering the user experience in the implementation of privacy technologies.
Balancing Privacy and Technological Advancements
The panel discussed the balance between privacy and user freedom in the context of smart devices and AI. They highlighted the need for smart regulations that promote privacy without impeding technological and commercial developments. It was suggested to rethink the infrastructure of information creation, distribution and processing, with an emphasis on the importance of transparency in data usage. The panellists concluded on a positive note, expressing optimism about the future of privacy with advancements in technology and distributed ledgers.