Privacy-Enhancing Technologies and Digital Identities

Introduction

Privacy-Enhancing Technologies (PETs) are tools and methods designed to protect individual privacy while still enabling useful data processing. According to the European Union Agency for Cybersecurity (ENISA), PETs protect privacy by reducing personal data or preventing unnecessary processing, all without losing system functionality (ENISA, 2018).

In the context of digital identity systems, PETs are crucial because they safeguard highly sensitive personal information. This text explains what PETs are, distinguishes between hard and soft privacy technologies, shows how they are applied in digital identity, and outlines their role in legal frameworks such as the GDPR and NIST guidelines.

Hard vs. Soft Privacy Technologies

Soft Privacy

Soft privacy technologies are typically organizational measures:

• Access controls (restrict who can access data)
• Encryption of data at rest and in transit
• Differential privacy (adding statistical noise)
• Pseudonymization or tokenization

These methods assume some level of trust in the data processor.

Hard Privacy

Hard privacy technologies shift control to the user and rely on strong cryptography. Examples include:

• Onion routing (e.g., Tor)
• Virtual private networks (VPNs)
• Zero-knowledge proofs
• Homomorphic encryption

Hard PETs reduce or eliminate the need to trust third parties.

PETs in Digital Identity

Digital identities represent people online through usernames, credentials, or attributes. PETs reduce the risk of oversharing.

Examples:

• Selective disclosure: proving someone is “over 18” without revealing the exact date of birth.
• Zero-knowledge proofs: verifying identity claims without exposing underlying details.
• Federated identity systems: enabling login across services without creating new silos of personal data.

PETs also improve unlinkability across services. For instance, token-based systems or blinded credentials ensure that activities on different platforms cannot be easily correlated.

Legal and Regulatory Context

GDPR (EU)

• Requires data minimization and privacy by design.
• PETs help organizations meet these principles (Articles 5 and 25).
• Examples: encryption, pseudonymization, anonymization, differential privacy.

NIST Guidelines (US)

• NIST SP 800-63 emphasizes secure identity proofing and authentication.
• Encourages pseudonymous interactions where possible.
• Promotes PET adoption as part of privacy-preserving digital identity systems.

Global Frameworks

• OECD guidelines and similar frameworks underline accountability and transparency.
• PETs operationalize these principles in practice.

Examples of PET Applications

• Encryption: protects identity data in storage and transit.
• Pseudonymization: replaces identifiers with tokens.
• Zero-knowledge proofs: prove a fact (e.g., age) without revealing details.
• Federated systems: enable authentication without creating multiple data silos.

How Simptel Contributes

Simptel approaches digital identity with privacy built in from the start.

• The Simptel platform offers APIs for developers to integrate PETs directly.
• Personal data is stored encrypted by default.
• Authentication and access control features reduce unnecessary data sharing.

By embedding PETs into its platform, Simptel enables organizations to build digital identity systems that are compliant, secure, and user-friendly.

References

Auñón, J. M., Hurtado-Ramírez, D., Porras-Díaz, L., Irigoyen-Peña, B., Rahmian, S., Al-Khazraji, Y., Soler-Garrido, J., & Kotsev, A. (2024). Evaluation and utilisation of privacy enhancing technologies—A data spaces perspective. Data in Brief, 55, 110560. https://doi.org/10.xxxx

Blanchard, S. (2022, May). Privacy enhancing technologies and how they can help. Data Protection Network. Retrieved from https://www.dpnetwork.org.uk

ENISA. (2018). Privacy Enhancing Technologies. European Union Agency for Cybersecurity.

Information Commissioner’s Office (ICO). (2023). Privacy-Enhancing Technologies (PETs) Guidance. Retrieved from https://ico.org.uk

National Institute of Standards and Technology (NIST). (2017). Digital Identity Guidelines (SP 800-63). Gaithersburg, MD: NIST.

National Institute of Standards and Technology (NIST). (2015). Building the Future of Identity Privacy. NIST Cybersecurity Insights Blog.

Simptel. (2025). Simptel Identity Platform – Product Overview. Simptel, Inc.