Appendix 2. Key Evaluation Questions for Privacy-Enhancing Technologies (PETs)

This appendix outlines the series of key questions used to evaluate privacy-enhancing technologies (PETs) in Table 1. Each question is designed to assess specific aspects of a PET, such as its ability to maintain data privacy, prevent re-identification, and ensure scalability, among other factors. The answers to these questions help determine a PET’s strengths, limitations, and suitability for different use cases, supporting informed decisions in the adoption of these technologies for privacy protection.

1. Does this PET allow personal data to be re-identified? This checks whether the method or process could enable unauthorized parties to re-identify personal data, either in transit or after protection is applied.
2. Does this PET provide strong anonymity protections? This checks whether the method ensures that individual data points are indistinguishable within a dataset.
3. Does this PET prevent re-identification in publicly shared data? This asks whether the technology ensures that personal data cannot be re-identified when shared publicly, such as in a dataset or report.
4. Does this PET help prevent linkage attacks across datasets? This checks whether the PET helps prevent adversaries from combining or correlating datasets to re-identify individuals.
5. Does this PET introduce accuracy trade-offs? Some PETs may reduce the quality or accuracy of data to protect privacy. This question asks whether accuracy is sacrificed.
6. Is this PET reversible (i.e., can the original data be reconstructed)? This assesses whether the protected data can be reversed or mapped back to the original data, such as through decryption or re-identification techniques.
7. Does this PET support computations on encrypted or anonymized data? This checks whether analysis or operations can be performed on encrypted or anonymized data without first decrypting or de-anonymizing it.
8. Does this PET support secure data sharing with external partners? This determines if the technology enables data to be securely shared with outside entities while maintaining privacy protections.
9. Is this PET best suited for use within a single organization? This checks whether the PET is mainly intended for internal use rather than multi-party collaboration.
10. Does this PET require trust in a central authority or intermediary? Some PETs rely on a central entity to manage access, keys, or data processing. This checks whether trust in such an intermediary is required.
11. Is this PET scalable for large datasets? Scalability refers to whether the PET can handle large volumes of data efficiently without performance degradation, which is essential for big data applications.
12. Does this PET require substantial computing power? Some PETs, especially advanced cryptographic techniques, can be computationally intensive. This checks if the PET is resource-heavy relative to other PETs.
13. Is this PET easy to implement? This evaluates how practical and straightforward it is to adopt and integrate the PET into existing systems, including infrastructure and technical support.