Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

UK: ICO and RTA publish blog on costs and benefits of adopting PETs

On February 22, 2024, the Information Commissioner's Office (ICO) announced, via a LinkedIn post, that it had published a joint blog with the Responsible Technology Adoption Unit (RTA) titled Privacy-Preserving Federated Learning: Understanding the Costs and Benefits. According to the blog, in June 2023, the Department of Science, Innovation and Technology (DSIT) and the ICO announced a collaboration to develop a tool to support organizations in assessing the costs and benefits of adopting Privacy Enhancing Technologies (PETs), noting that the blog is a first step towards developing the tool.

More specifically, the blog explains federated learning as an approach to machine learning (ML) that involves training a model without the centralized collection of training data. It further states that PETs can be layered on top of federated learning to guard against the reconstruction of sensitive data from model updates or outputs, known as privacy-preserving federated learning (PPFL). 

In particular, the blog highlights the costs and benefits of PPFL, rather than a centralized approach, which can significantly reduce privacy risks. It reduces the amount of data that needs to be shared, which helps to mitigate the risks associated with transferring and centrally storing data. Further, the blog references ICO's guidance on differential privacy stating that when used appropriately, differentially private data can be considered anonymized. This anonymization of outputs limits data protection risks caused by inappropriate or insecure disclosure or publication of personal data and processing data locally also aligns with data minimization and data protection by design and default requirements.

You can read the LinkedIn post here and the blog here.