As devices continue to become more connected around the world, heralding new heights for the Internet of Things, The amount of data is also increasing astronomically.
More than ever before in the digital world’s history, businesses are swimming in massive rivers of data. For context, Statista puts the amount of data generated worldwide at 79 zettabytes in 2021 but expects that number to more than double by 2025, reaching 180 zettabytes. If you don’t know, one zettabyte is roughly equal to one trillion gigabytes. That is an incredible amount of data!
But surprisingly, despite such large amounts of data, businesses often cannot contextualize much of it, facing challenges around data lakes, data silos, and data privacy. It’s a double-edged state in the business ecosystem: Data is plentiful, but hard to use — largely because of data privacy concerns.
The majority of data today comes from consumer use of devices and gadgets. What does that have to do with anything? Well, everything. The data generated by consumers helps organizations create customer-centric products and services. The main obstacle to doing so, however, is the evolution of consumer data privacy.
Consumers increasingly do not want to be tracked by companies. Another bottleneck, perhaps even bigger, is that some data cannot be collected due to privacy laws. Some types of data are too sensitive to be requested. The result? Limited data, biased dataor no data at all.
This raises the question: How can companies – especially data-heavy businesses – use aggregated user statistics without exposing themselves to the risks associated with consumer data?
NTT Research, a part of NTT Group, tried to answer that question at the recent 2023 Upgrade Reality Summit. At the event, NTT Research unveiled and demonstrated a new product called “private telemetry system,” a cryptographic technology for private use of aggregate data. The technology is the foundation on which NTT’s new data-privacy-as-a-service approach is built, “providing a protocol for hiding values while enabling companies to securely access previously unsecured attainable data.”
The Big Problem in Data Privacy Today
According to Andy Thurai, vice president and principal analyst at Constellation Research, achieving the right data privacy standards will be a daunting task ahead, especially “given the nature of connected systems, and cloud-native applications away from walled gardens.”
Many businesses still lack even basic security to protect sensitive data, as evidenced by major data breaches, Thurai said. “While data privacy laws such as General Data Protection Regulation and others try to put some control on these issues, the lack of skills, knowledge gap, mixing of old and newer systems, and the need to create large data pools to train large AI models, all of which will make data privacy more difficult moving forward,” he added.
Funso Richard, Ensemble Health Partners’ information security officer, echoed Thurai’s concerns. Richard noted that while digital transformation has facilitated operational efficiency in the energy sector, it has led to many challenges – including the large amount of data that is collected, stored, protected, used, and managed. He also listed other challenges, as well: the lack of data visibility, a poor data culture, rising maintenance costs, and compliance with a long list of competing regulatory requirements.
Balancing Data Needs and Privacy Rights
NTT’s private telemetry system aims to kill two birds with one stone: Help companies securely access, contextualize, and use the data they need to create customer-centric products and services while assuring individual consumers that these companies will never be exposed to their personal data.
Elette Boyle, a senior scientist at NTT Research’s Cryptography and Information Security (CIS) Lab, emphasized that companies want and need data to develop offerings. For example, companies need to know which features are used more often and which are used less often. “This information is important and very important as it helps guide future proceedings,” he said. While it’s true that information is already on devices that consumers use every day — which companies can collect and send back to manufacturers — Boyle admits that privacy rights are often restrictive.
To navigate today’s multifaceted privacy landmines, many companies are turning to strategies such as the “opt-in approach,” which allows customers to decide whether they want their data tracked, and the “pay-to-get method,” where companies pay customers for access to their data.
The middle ground between the two methods is where NTT’s private telemetry system pitches its tent. Boyle claims that the private telemetry system allows companies to use aggregate data without turning over user-specific personal data, ensuring that data is collected in compliance with privacy laws. In fact, this new technology “allows you to see one and not see the other,” he explained.
Richard believes that NTT is offering a game changer. “A private telemetry system provides valuable insights into how consumers use products and what manufacturers can do to improve their offerings,” he said. He noted that the benefits include providing real-time data on product performance, detecting operational inefficiency, improving efficiency and effectiveness, and making timely and informed operational decisions. .
Explaining how the technology works, Boyle said it “disaggregates data and hides value but still allows aggregation.” Private data is encrypted, while aggregated data is visible and transferred back to the company.
Speaking further on the technology’s potential, Richard added that “if set up correctly, organizations can mitigate the impact of privacy concerns and still provide the best product delivery to consumers without violate compliance regulations.”
What’s Next for NTT’s Private Telemetry System
While Thurai praised the launch of the new technology, he maintained that there were no challenges, especially in terms of cost and security. Regardless of NTT’s rollout of the private telemetry system, Thurai believes that much still depends on proper security hygiene.
Richard agrees, noting that organizations need to think about what types of data they are extracting from sensors and signals, as well as how that data will be used, stored, and processed. “They should collect the minimum data required and provide transparency about data collection and use,” he said. “Appropriate data protection measures such as encryption, access control, tokenization, and de-identification must be put in place to prevent unauthorized access and modification of data.”
However, NTT’s CIS Lab claims that the private telemetry system “explores attribute-based encryption, homomorphic encryption, and functional encryption in terms of security and privacy.” While Boyle admits that NTT has yet to explore the full range of applications for this technology, he noted that many settings can be cut, including mobile phone companies, networking companies, software vendors, car manufacturers, and others.
“What’s next for the potential application settings of this technology will be seen in the feedback and conversations we’re having with people from here,” Boyle said.