Workshop and Seminar Highlights: Discussion on Privacy-Enhancing Technologies (PETs) Held During the 2022 Global Privacy Assembly (GPA) by the Future of Privacy Forum (FPF)

Workshop and Seminar Highlights: Discussion on Privacy-Enhancing Technologies (PETs) Held During the 2022 Global Privacy Assembly (GPA) by the Future of Privacy Forum (FPF)

The 2022 Global Privacy Assembly (GPA), held in Istanbul, Turkey, was a significant event that focused on Privacy Enhancing Technologies (PETs) and their potential to strengthen data protection.

The discussions at the GPA highlighted that PETs can support compliance by minimizing personal data use and enhancing user control. However, the real-world impact of PETs depends on transparent implementation, legal clarity, and ongoing evaluation of effectiveness by both regulators and practitioners.

One of the key highlights of the event was a workshop conducted by the Future of Privacy Forum (FPF), led by Dr. Gabriela Zanfir-Fortuna, Vice President for Global Privacy, and Dr. Rob van Eijk, Managing Director for Europe. The workshop was a condensed version of the Masterclass that FPF hosted at the 2022 Computers, Privacy and Data Protection (CPDP) Conference.

The workshop covered various topics, including the legal qualification of PETs under the EU's data protection framework and how they could be leveraged to attain compliance. It also included a primer on three PETs: Differential Privacy, Synthetic Data, and Homomorphic Encryption.

Geff Brown, Associate General Counsel at Microsoft, highlighted the use of differential privacy in multiple apps for analytics and improving Natural Language Processing models. He also called for an update to the 2014 guidance on anonymization by the European Data Protection Board (EDPB) and for regulators to conduct PET testing and share results with the public.

Emerald De Leeuw-Goggin, Global Head of Privacy at Logitech, mentioned the need for increased accessibility and scalability of PETs, suggesting offering them as a service to internal teams. Barbara Cosgrove, CPO at Workday, stated that B2B companies receive questions about implementing PETs and the need for regulatory clarity, particularly on de-identification.

The panel included Anna Zeiter (Chief Privacy Officer at eBay), Emerald De Leeuw-Goggin (Global Head of Privacy at Logitech), Barbara Cosgrove (CPO at Workday), and Geff Brown (Associate General Counsel at Microsoft). The session also included contributions from Rebecca Kelly Slaughter (FTC Commissioner), Tobias Judin (Head of the International Department of the Norwegian DPA), Gilad Semama (Privacy Commissioner of Israel), and Vitelio Ruiz Bernal (Director of Supervision at the Mexican DPA).

The first part of the FPF Side Event was titled 'Regulatory Views on the Role and Effectiveness of PETs' and was moderated by Limor Schmerling Magazanik. The second part was entitled 'Lessons Learned from Implementing PETs' and was moderated by FPF's CEO Jules Polonetsky.

Jules Polonetsky expressed the desire to learn about industry leaders' experiences with integrating PETs into compliance strategies. Anna Zeiter discussed meetings with the German DPA regarding PETs and compliance with the Schrems II ruling.

The discussions at the GPA underscored that PETs must be aligned with established data protection laws and must demonstrate how they effectively protect privacy without undermining lawful purposes such as law enforcement needs. Regulators stress the need for clear documentation, impact assessments, and managing risks such as bias or misuse.

The interplay between regulation and practice requires transparency, accountability, and public trust, with emphasis on clear purposes for PET use, periodic audits, and risk mitigation strategies. While no single technology fully guarantees privacy, the GPA discussions converge on the consensus that PETs are a critical part of a comprehensive privacy framework if embedded within appropriate regulatory safeguards and accountability mechanisms.

Despite no specific dedicated summary report from the 2022 GPA on PETs being found, this synthesis relies on relevant related regulatory perspectives and privacy technology discussions current as of 2025. Geff Brown also expressed the need for tech companies to better explain PETs to consumers and corporate customers, and for standardization efforts and favorable DPA positions.

1. The 2022 Global Privacy Assembly in Istanbul, Turkey, emphasized the potential of Privacy Enhancing Technologies (PETs) to strengthen data protection.
2. PETs can support compliance by minimizing personal data use and enhancing user control, but their real-world impact depends on transparent implementation and legal clarity.
3. The Future of Privacy Forum (FPF) conducted a workshop at the GPA, focusing on the legal qualification of PETs and their role in achieving compliance.
4. Differential Privacy, Synthetic Data, and Homomorphic Encryption were discussed as PETs in the FPF workshop, with Geff Brown advocating for an update to the 2014 guidance on anonymization by the European Data Protection Board.
5. Emerald De Leeuw-Goggin from Logitech suggested making PETs more accessible and scalable for internal teams and external services.
6. Barbara Cosgrove from Workday noted that B2B companies receive questions about implementing PETs and the need for regulatory clarity, particularly on de-identification.
7. Jules Polonetsky, CEO of FPF, sought industry leaders' experiences with integrating PETs into compliance strategies.
8. Anna Zeiter discussed meetings with the German DPA regarding PETs and compliance with the Schrems II ruling.
9. Regulatory Views on the Role and Effectiveness of PETs was the first part of the FPF Side Event, while the second part was Lessons Learned from Implementing PETs.
10. The discussions at the GPA emphasized that PETs must align with data protection laws and demonstrate privacy protection without undermining lawful purposes, with clear documentation, impact assessments, and risk management being essential.
11. The interplay between regulation and practice requires transparency, accountability, and public trust, and PETs are considered a critical part of a comprehensive privacy framework if embedded within appropriate regulatory safeguards and accountability mechanisms, even though no single technology fully guarantees privacy.

Read also: