Privacy & Information Security Law Blog

On March 24, 2025, the Centre for Information Policy Leadership at Hunton (“CIPL”) released a white paper on Privacy-Enhancing and Privacy-Preserving Technologies in AI: Enabling Data Use and Operationalizing Privacy by Design and Default (the “Paper”).

The paper provides an in-depth exploration of how privacy-enhancing technologies (“PETs”) are being deployed to address privacy within artificial intelligence (“AI”) systems. It aims to describe how these technologies can help operationalize privacy by design and default and serve as key business enablers, allowing companies and public sector organizations to access, share and use data that would otherwise be unavailable. It also seeks to demonstrate how PETs can address challenges and provide new opportunities across the AI life cycle, from data sourcing to model deployment, and includes real-world case studies.

CIPL seeks to emphasize that PETs have the potential to play an increasingly central role in the development and deployment of accountable, privacy-friendly AI systems. CIPL is of the view that he future success of PETs relies on support and guidance from regulatory bodies, including privacy and AI authorities, and that these entities can create incentives and foster trust in PETs to encourage integration of these technologies into organizations’ AI and data governance frameworks.

As further detailed in the Paper, CIPL’s recommendations for boosting the adoption of PETs for AI are as follows:

• Regulators should issue more clear and practical guidance to reduce regulatory uncertainty in the use of PETs in AI. While regulators increasingly recognize the value of PETs, clearer and more practical guidance is needed to help organizations implement these technologies effectively.
• Regulators should adopt a risk-based approach to assess how PETs can meet standards for data anonymization, providing clear guidance to eliminate uncertainty. There is uncertainty around whether various PETs meet legal standards for data anonymization. A risk-based approach to defining anonymization standards could encourage wider adoption of PETs.
• Deployers should take steps to provide contextually appropriate transparency to customers and data subjects. Given the complexity of PETs, deployers should ensure customers and data subjects understand how PETs function within AI models.
• Deployers should take care to ensure that clear mechanisms exist for data subjects to exercise their rights, where applicable. PETs may alter data in ways that affect data subject rights. Deployers must establish processes to help subjects exercise their rights.
• Deployers must balance protecting privacy with data utility considerations. While protecting privacy is crucial, deployers must also ensure that PETs do not impede the utility of data for AI development.
• Policymakers and industry must work together to address the demand for large computing resources. The use of PETs in AI can require substantial computing resources. Policymakers and industry need to work together to ensure adequate resources are available.
• Regulators should incentivize proactive dialogue, further research, and experimentation with PETs within regulatory sandboxes. Encouraging collaboration in regulatory sandboxes would promote ongoing dialogue and knowledge exchange between key stakeholders, helping develop adaptable regulatory frameworks that keep pace with PETs.
• Stakeholders should adopt a holistic view of the benefits of PETs in AI. PETs deliver value beyond addressing privacy and security concerns, such as fostering trust and enabling data sharing. It is crucial that stakeholders consider all these advantages when making decisions about their use.

CIPL is hosting a webinar to explore the key themes of the Paper on April 29, 2025, registration available here.