Eyes-Off Data Summit 2024 Offered a Deep Dive into the Future of Privacy and Data Governance

The Eyes-Off Data Summit 2024, hosted in Dublin by Oblivious on 11-12 of September, brought together leading experts from across industries to address the growing challenges and opportunities in data privacy and governance. The event showcased two days of focused discussions, panels, and hands-on demonstrations, all centred around advancing privacy-first technologies and responsible AI governance.

This year marked a significant shift from theoretical debates to real-world applications. Privacy-Enhancing Technologies (PETs) took centre stage, with conversations focusing on how organisations are already implementing these tools to protect user data while fostering innovation. It was clear that the community is no longer just exploring possibilities but actively working on solutions that align privacy with progress.

For those who missed the summit or are looking to gain a deeper understanding of the current state of PETs, this article summarises the key insights shared by the industry’s leading voices during day 1. It serves as both a guide to the present landscape of privacy technologies and a reference for the strategic conversations shaping the future of data governance.

Privacy as a Personal and Political Issue

Max Schrems, a pioneering figure in privacy advocacy, reflected on his landmark cases against Facebook and the broader cultural differences in how privacy is perceived across countries. Schrems highlighted how privacy is often less about legal frameworks and more about the emotional impact of being surveilled. 

At the same time, Schrems called for stronger cross-border regulatory enforcement, pointing to the weak enforcement of laws like GDPR. Despite its comprehensive protections, Schrems noted that many data protection authorities lack the resources or political will to enforce regulations effectively against tech giants. 

“In Europe, foreigners enjoy the same rights as citizens. However, this is not the case in the United States. While the Fourth Amendment provides strong privacy protections for U.S. citizens, European citizens often are second-class citizens in the US, in terms of privacy,” Max noted.

The gap between legal protections and real-world practices remains a critical challenge, particularly as new technologies such as AI emerge.

The Fragility of Anonymised Data

Andreas Dewes tackled the persistent myth that anonymised data can protect individuals from identification. His talk revisited a 2016 investigation where he and his team successfully de-anonymised a dataset of 3 billion URLs from 3 million users, proving how easily even anonymised data can be linked back to individuals. 

The investigation demonstrated that digital footprints—such as browsing history, video views, or geolocation data—are so unique to individuals that only a few points are needed to de-anonymise someone.

This investigation is even more relevant today, with the rise of AI and machine learning amplifying the risks. Dewes warned that these tools make it easier to process and cross-reference massive datasets, making data breaches and re-identification more likely. 

“As people engage in conversations with LLMs, they often pose more intimate questions than they would dare type into Google, exposing much more sensitive information. This growing intimacy raises significant privacy concerns—it’s not a matter of if but when misuse will occur. We must address these concerns now, while we still have some time,” observed Andreas.

Differential Privacy: Data for Social Good

In a standout session, Mayana Pereira of Microsoft discussed the potential for differential privacy to solve socially relevant issues while maintaining privacy protections. Pereira highlighted how Microsoft’s projects, like their Broadband Usage Data and Digital Literacy Data, have been used to address digital equity and accessibility challenges in the United States. 

By using telemetry data and applying differential privacy techniques, Microsoft has helped policymakers and researchers better understand the digital divide without exposing personal information.

The success of these projects underscores how responsible data sharing can drive positive social change. However, Pereira cautioned that data alone isn’t enough—organisations need to apply privacy-conscious designs and collaborate openly to ensure that open data initiatives remain ethical.

Scaling Privacy with Real-World Policy Prototypes

David Lehr's talk focused on the Open Loop program, an experimental initiative aimed at testing and refining government privacy policies through the use of PETs. Lehr highlighted the two-year pilot projects in Brazil and Uruguay, designed to assess how draft privacy laws and frameworks could be implemented in real-world scenarios. 

By collaborating with local policymakers, tech companies, and data protection authorities, the program sought to create actionable policy recommendations that would align with both legal and business needs.

A central tool developed as part of the program was the PETs Playbook, which guides companies through a three-step process: assessing privacy risks, identifying risk-reducing strategies, and selecting the appropriate PETs for implementation. Lehr emphasised the need for regulatory clarity to help companies navigate the complexities of PET adoption. 

Privacy-Enhancing Technologies in Finance

Leaders from financial institutions, such as Mastercard, Societe Generale, and Capital One, shared how they are integrating PETs to securely share data without breaching privacy regulations in the finance industry. 

For many, the adoption of PETs can enable faster, more secure data collaboration across jurisdictions—a critical need in a highly regulated industry like finance.

This panel emphasised that PETs aren’t just compliance tools; they are essential for business innovation. By implementing PETs, financial institutions can access and analyse data more efficiently, enabling better fraud detection, model testing, and regulatory reporting.

The Future of AI Governance

AI was another focal point of the summit, particularly its intersection with responsible governance. In a panel discussion on AI and Emerging Technologies, speakers underscored the importance of building governance frameworks that allow for safe experimentation. 

Participants agreed that education and acculturation within organisations are crucial to harnessing AI’s potential while avoiding its pitfalls. Employees need to feel comfortable experimenting with AI, but within the boundaries of clear compliance and ethical frameworks. 

The challenge for organisations is to strike a balance between embracing AI-driven innovation and maintaining rigorous governance to ensure responsible data use.

Building a Movement Around Privacy-Enhancing Technologies

This panel emphasised the role of cross-sector collaboration—between government, industry, and academia—in driving the adoption of PETs. Community initiatives are critical for raising awareness and making privacy technologies more accessible.

The panel also highlighted the importance of use case repositories, which can lower the barriers for organisations looking to adopt PETs. These repositories provide practical examples of how PETs have been successfully implemented, offering a roadmap for companies that are new to the technology.

Day 1: A Vision for the Future of Privacy

As the first day of the Eyes-Off Data Summit 2024 demonstrated, the future of privacy and data governance will require a multi-faceted approach. From rebuilding trust in technology to ensuring responsible AI governance, the path forward lies in the collaborative efforts of technologists, regulators, and businesses. 

The discussions from the first day have set the stage for the continued evolution of Privacy-Enhancing Technologies and data-driven innovation. During the second day, the Summit split into two tracks, with one tackling the strategic challenges of integrating PETs and the other one zooming in on the technical aspects of the emerging technologies, which we will cover in part two of this article, focusing on the second day.