Insights from the Strategy and Technical Sessions on Day 2 of the Eyes-Off Data Summit 2024

In the previous article, we highlighted key discussions from the first day of the Eyes-Off Data Summit 2024, where industry leaders explored the challenges of data governance and the transformative role of Privacy-Enhancing Technologies (PETs).

Now, we turn our attention to Day 2, which was split into two distinct tracks. The strategic track offered insights into navigating regulatory landscapes and building user trust, while the technical track delved into the latest advancements in PETs, from differential privacy to confidential computing. This article provides an in-depth summary of the second day’s insights, giving readers a roadmap to the current state of PETs and their real-world applications.

Strategic Challenges of Day 2 at the Eyes-Off Data Summit 2024

The first track of day 2 focused on how organisations can strategically align with evolving privacy laws, enhance transparency, and build trust while integrating cutting-edge PETs. Here’s a broad look at the key topics explored.

Transparency and User Agency in Data Governance

A prominent theme in the strategy track was the growing demand for transparency and user agency regarding how personal data is managed. Panellists stressed that as technology becomes more embedded in everyday life, companies must prioritise privacy-friendly practices. They discussed how organisations could leverage PETs to give users more control over their data, beyond just providing consent to opaque privacy policies.

One key concern raised was the widespread misuse of privacy policies as mere formalities, where users often give blanket consent without understanding the implications. 

The conversation highlighted the need for businesses to do more than just meet the bare minimum of regulatory compliance and focus on fostering real agency for users. This ties into the call for more robust regulatory frameworks that not only ensure data protection but also hold organisations accountable for transparent data practices.

Navigating GDPR and Cross-Border Compliance

Speakers explored the complexity of GDPR enforcement, with attention to cross-border issues and how the European Data Protection Board (EDPB) has played a more active role in shaping stricter penalties. 

The conversation touched on the growing need for organisations to proactively manage privacy risks, conduct thorough impact assessments, and ensure that data protection is integrated into their business operations from the start.

There was also an emphasis on how large tech companies face the highest scrutiny, but the discussion extended to how small and medium enterprises (SMEs) struggle with the same regulations. 

The panellists noted that while fines are one enforcement mechanism, the reputational and operational costs—such as halting data processing—can have an even greater impact on businesses. They underscored the importance of cross-departmental collaboration between legal, privacy, and business teams to prevent privacy violations before they occur.

Privacy in AdTech: Balancing Innovation and Compliance

The AdTech industry, with its heavy reliance on data for personalisation and targeting, continues to face challenges as it adapts to phasing out third-party cookies. Discussions in the strategy track explored how PETs, particularly differential privacy and multi-party computation (MPC), are key to ensuring privacy while still allowing advertisers to deliver effective campaigns. 

Speakers outlined how privacy-preserving methods enable advertisers and platforms to share data without compromising personal information, offering a roadmap for the industry as it grapples with changing privacy expectations.

The panellists emphasised that legal complexities remain a barrier to adoption, but progress is being made through sandbox initiatives and regulatory partnerships.

Differential Privacy in Practice

Differential privacy (DP) took centre stage as experts discussed its application across a variety of sectors. The strategic conversation explored the real-world challenges of implementing DP, particularly the trade-offs between privacy and utility. Panellists shared case studies on how DP has been used in various fields.

The panel recognised that the adoption of DP remains limited due to the complexity of choosing appropriate parameters and concerns around the accuracy of DP-protected datasets. Nonetheless, the panellists stressed that as awareness and trust in DP grow, it is poised to become a standard tool for privacy-preserving data analysis.

Collaboration and Cross-Border Data Sharing

A central topic of the strategy track was the importance of collaboration in addressing global challenges such as climate change and healthcare, which require cross-border data sharing. The panellists discussed how contractual measures are often insufficient to protect data privacy in such collaborations. They called for the adoption of PETs to enable data sharing without exposing sensitive information.

The conversation further highlighted the legal and logistical challenges involved in cross-border data flows, particularly when countries have differing privacy laws. Participants advocated for greater standardisation of privacy regulations and practices to facilitate secure and effective global collaboration. Panellists agreed that while PETs offer technical solutions, regulatory harmonisation and clear best practices are essential to their widespread adoption.

The Technical Deep Dive: Exploration of Cutting-Edge PETs

The technical track on day 2 of the Eyes-Off Data Summit 2024 provided a comprehensive exploration of the state-of-the-art in PETs.

The topics discussed demonstrated how innovations in synthetic data, confidential computing, differential privacy, and cryptography are driving progress in creating a privacy-respecting digital ecosystem, laying the groundwork for more secure, efficient, and privacy-conscious data practices across industries.

Synthetic Data

Several talks addressed both the opportunities and challenges of synthetic data. Speakers discussed how synthetic data allows organisations to simulate real-world datasets for testing and research without exposing sensitive personal information. 

However, concerns were raised about preserving the accuracy and relationships within the data, especially when applied to specific, nuanced use cases. Robust evaluation metrics and the need for further research into disaggregated utility assessments were identified as key areas for future development.

Confidential Computing

The track also delved into the rising significance of confidential computing. Talks focused on how technologies like AWS Nitro and secure enclaves ensure data remains secure even during computation, making it inaccessible to unauthorised parties. 

A demonstration of OBLV Deploy by Jack Fitzsimons, CTO of Oblivious, showed how confidential computing can be integrated into existing infrastructure, offering businesses new ways to secure data processing without sacrificing performance. This is critical for organisations managing sensitive datasets that require the highest levels of security, particularly in industries like finance and healthcare.

Differential Privacy

Differential privacy is increasingly seen as a solution for allowing data scientists to derive insights from sensitive data without ever directly accessing it. This is achieved by adding noise to the data in a way that ensures individual privacy while still producing accurate aggregate results. 

Several speakers emphasised the importance of integrating differential privacy seamlessly into machine learning workflows, highlighting how this technology can offer strong protections against privacy breaches while maintaining data utility. Robert Pisarczyk, the CEO of Oblivious, demonstrated AGENT, a platform that leverages differential privacy to ensure data can be analysed and utilised without compromising the privacy of individuals.

Homomorphic Encryption

The summit featured a comprehensive look at homomorphic encryption and other cryptographic approaches, such as fully homomorphic encryption (FHE), that allow computations to be performed on encrypted data without revealing the underlying information. 

While this technology holds immense potential for privacy-preserving data analysis, its slow computational speed remains a challenge. Innovations, like those presented by companies working on hardware acceleration for FHE, were explored as promising solutions to this bottleneck, showing a path forward for faster, more efficient privacy-preserving machine learning models.

Classic Games with a Privacy Twist

Apart from the strategic discussions, participants at the Eyes-Off Data Summit 2024 had the chance to engage with interactive privacy games, designed to make complex concepts like differential privacy accessible and fun. 

These games served as an engaging way to demonstrate the trade-offs between privacy and data utility by allowing the attendees to adjust the balance between the two, reinforcing the practical applications of PETs in a hands-on environment.

To add a competitive element, the summit featured a leaderboard where participants who best balanced privacy and accuracy won special prizes. If you're curious to see how you compare, you can try the games yourself on our website, where you can play and experiment with differential privacy settings in real-time.

A Unified Path Forward

The Eyes-Off Data Summit 2024 showcased both the technological innovations and the strategic imperatives necessary for navigating the evolving landscape of data privacy and governance. 

There was a consensus on the need for greater collaboration—between technologists, regulators, and businesses—to develop comprehensive, privacy-preserving solutions that respect user rights while fostering innovation.

The strategic discussions revealed that PETs are not only compliance tools but are increasingly becoming essential to building trust in the digital ecosystem. However, for these technologies to realise their full potential, organisations will need to work together to overcome regulatory hurdles, establish shared standards, and foster a privacy-first culture that spans industries. 

As the discussions from this year’s event continue to resonate, it is clear that the journey toward a privacy-conscious digital future is a collaborative and ongoing process, one that will shape the technological and regulatory landscape for years to come.