PETs are powerful tools that can enhance the effectiveness of privacy and data protection measures. However, they are not a silver bullet nor a standalone solution. Their use comes with significant risks and limitations ranging from data leakage to high computational costs. Therefore, they cannot substitute existing laws and regulations but complement these in helping implement privacy protection principles.

Policymakers and privacy enforcement authorities (PEAs) should take the opportunities and risks of emerging PETs into account as they review their complementarities with existing privacy  frameworks. Many countries have put in place a wide range of initiatives to promote the adoption of PETs including through regulatory guidance. Other complementary measures range from R&D to regulatory sandboxes.

PETs offer innovative solutions that could help address some of complexities associated with the regulations of cross-border flows of data that is personal or confidential in nature. For instance, some PETs have the potential to obfuscate personal data to such an extent that it can no longer relate to an identifiable individual and could thus be shared, including across borders, without falling foul of cross-border data transfer regulations.  

Policymakers and PEAs should continue to explore the extent of PETs' successes and limitations in the areas of cross-border data flows and the appropriate support in their development and adoption. This requires further analysis, consensus, and collaborative efforts among stakeholders, including policymakers, PEAs, technologists, and organisations.

PETs are instrumental in fostering trust, enabling secure collaboration, and addressing various critical considerations for data sharing. While PETs excel in safeguarding privacy, they are increasingly applied to other types of data for ensuring the confidentiality and integrity of all types of sensitive information, including intellectual property, trade secrets, and other proprietary information. PETs also play a pivotal role in enhancing digital security, including safeguarding against data breaches.

Policymakers and PEAs need to consider the multifaceted applications underscored by PETs' potential in addressing the evolving challenges for promoting secure and trustworthy data ecosystems beyond privacy protection.

PETs encompass various categories, each designed for distinct privacy and data governance objectives, including data obfuscation, encrypted processing, federated learning, and data accountability. The appropriate use and combination of PETs depends on the specific use case and their maturity, highlighting the need for use case specific considerations.

Policy makers and PEAs should consider adopting taxonomy-based approach when identifying and prioritising the most promising use cases for PETs. This framework can be the basis for regulatory guidance and policy standards, fostering a cohesive and coordinated approach to harnessing PETs for addressing privacy and data governance challenges.