By Clarice Foo, Senior Media & Communications Executive
Privacy-Enhancing Technologies (PETs) have long been seen as the exclusive domain of cryptographers and privacy experts. But as more organisations consider them for secure data-sharing and collaboration between sectors and countries, they are slowly gaining ground as a practical and powerful solution for balancing data utility with data protection.
Market projections reflect this shift. Industry studies estimate that the global PETs market will grow at a compound annual growth rate (CAGR) of around 26% over the next decade, driven by the twin imperatives of stricter privacy compliance and the pursuit of new value from data to further one’s competitive advantage. This momentum is already visible in how some industries are embedding PETs into their operations.
From Awareness to Adoption
Initial implementation worldwide has been led by financial services, healthcare and advertising industries where privacy-preserving data handling are essential. This is partly due to regulatory pressure from sectoral data privacy rules as well as regional or national laws like the General Data Protection Regulation (GDPR), Singapore Personal Data Protection Act (PDPA), or California Consumer Privacy Act (CCPA). While there is no explicit mandate for the use of PETs, these regulations emphasise principles like data minimisation, integrity, and confidentiality, which PETs can help organisations achieve.
Equally compelling is the role of PETs as innovation enablers. In his keynote at the PETs Summit during Singapore’s Personal Data Protection (PDP) Week 2025, Lew Chuen Hong, Chief Executive of the Infocomm Media Development Authority (IMDA) of Singapore, described how PETs now enable cross-industry and sectorial partnerships that may have been impractical before due to inherent privacy concerns.
By allowing organisations to maximise insights from sensitive data without compromising privacy, PETs are opening technical gateways to breakthroughs in fields ranging from finance, media, law enforcement, the built environment and beyond. These were made possible through approaches like Differential Privacy (a form of data obfuscation), Secure Multiparty Computation (SMPC), Trusted Execution Environments (TEEs), synthetic data and Federated Learning.
If these terms seem mind-boggling, here’s an introduction to PETs to get you on track.
Lew also pointed to a notable shift in accessibility with PETs becoming more productised. Solution providers now readily provide APIs, SDKs and some no or low-code platforms for PETs implementation, shortening the time to market even for those without specialised knowledge. All this is helping to prime the PETs landscape with lowered barriers to entry for more widespread uptake.
PETs in Action
Since 2022, the IMDA PET Sandbox has continued to showcase how privacy-preserving data collaboration can unlock both business value and regulatory confidence. For some of the key participating companies, they have moved beyond pilots to live, income-yielding deployments.
To target new leads in advertising, SPH Media employed a TEE to match its customer data with that of a Global Wealth Manager (GWM), enabling the latter to serve ads to prospective customers in SPH Media’s database without accessing their individual identities. In a similar vein, TikTok used a blend of SMPC, encryption and Differential Privacy to allow advertisers on the platform to conduct ad attribution while keeping user data confidential from one another.
In fintech, Ant Internationalused a combination of Federated Learning, SMPC and Homomorphic Encryption to jointly train an AI model on user preference and behavioural data with a digital wallet partner, without either party accessing the other’s customer information. As a result, they saw a 90% relative improvement in promotion uptake by customers. On the construction front, companies like Kajima leveraged synthetic data to simulate building occupant behaviour, allowing researchers to execute privacy-preserving analysis on human interactions in the built environment.
Clearly, PETs can deliver tangible business outcomes across industries. But moving from pilots to practice is rarely straightforward and each success carries its own set of obstacles, offering valuable lessons for organisations still weighing their options.
Lessons from the Frontline in Implementing PETs
For SPH Media, adoption required balancing advertiser demands with privacy obligations, and a concerted effort between stakeholders. According to Manaswita Sarkar, Head of Audience and Data Strategy, SPH Media it was a “one-and-a-half-year journey to align legal, infosec, finance and management stakeholders.” Guidance by the Personal Data Protection Commission (PDPC) was key in helping them navigate compliance requirements and get stakeholder buy-in.
Duan Pu, Ant International’s Head of PETs Department, explained the trade-offs of integrating PETs in cross-border financial transactions. While it has helped them enhance data protection compliance with different regulations across countries, embedding them into existing product lines required re-engineering critical functions like risk control in machine learning without affecting performance.
Imperfections in synthetic data could also affect data utility for accurate analysis. “Our synthetic data captures basic statistics, but struggles with reproducing complex data interactions in small datasets like ours,” said Sohei Arisaka, Senior Researcher, Kajima, referring to their case study on building occupant behaviour. “At the same time, public education on synthetic data to clarify its benefits and safety can address misconceptions about it among users and decision-makers in organisations.” In this regard, the PDPC's formal framework for synthetic data generation has been helpful in allowing companies to confidently test new technologies.
The importance of engaging regulators early to clarify requirements and build trust in PETs applications was also emphasised. Smaller companies are recommended to begin with foundational privacy practices and scale into PET solutions progressively, guided by their specific data needs.
Adeline Tung, Director (Policy & Technology), PDPC observed that successful adopters share three traits: “Strong alignment between business objectives and legal requirements, strong data & AI governance frameworks, and a willingness to invest in technical capabilities.”
Together, these experiences underline that PETs implementation is not defined by the tools alone, but also by how well organisations can align departments, compliance and technical infrastructure to translate PETs from pilots into sustainable practice.
A Closer Look at Synthetic Data for AI Development
PETs are also becoming essential for privacy-conscious AI and machine learning applications, and synthetic data has emerged as one of the focal points this year. Its promise lies in enabling model training without exposing sensitive information, but its limitations and risks are also under active debate.
Kareem Amin, Research Scientist at Google, described its appeal: “What's exciting about synthetic data is it allows us to incorporate privacy early in our product pipelines without having to change the processes.…It’s a very elegant interface for dealing with privacy challenges.” At the same time, he cautioned that synthetic data can sometimes “be too representative of user data.” It must, therefore, be carefully controlled to avoid reproducing sensitive behaviours that could compromise privacy or abnormal activities that may not be of desirable quality for developing AI models.
For Mastercard, the benefit of synthetic data is speed in research collaboration without sacrificing meaningful insight. Poh Wan Ting, Vice President of Data Science & AI, Mastercard commented that “to share real data externally requires lots of approval and can be a long process…using synthetic data that is statistically similar to our actual data shortens this timeline while still yielding meaningful insights.”
She added that synthetic data also helps fill expertise gaps in AI development, such as the building of specialised chatbots. To supplement the scarce input of hard-to-find subject matter experts on what users might ask, they used “a combination of synthetic data to amplify [the experts’] knowledge and create diverse variations of question sets” for more effective model training without relying solely on human resources.
Beyond Commercial Use: PETs for Public Good
As commercial use cases continue to multiply, PETs are also proving their worth in the public sector, particularly where trust in cross-border data flows is essential.
Fabio Bruno, Assistant Director of Applied Innovation, Interpol Global Complex for Innovation, described the roadblocks law enforcement face when sharing data across jurisdictions and how PETs can make investigations more efficient. While the Interpol does not conduct investigations directly, it acts as a cooperative body for national police forces, facilitating knowledge-sharing among its 196 member countries.
“Law enforcement often just needs to know if specific information exists before starting a very complicated international data transfer procedure,” he explained, citing that Homomorphic Encryption can help law enforcement obtain necessary information without needing the whole picture of ongoing investigations. This technique allows the processing of encrypted information without decrypting it first, thereby preserving the privacy and integrity of data shared between both parties. Resultingly, it reduces time and costs associated with traditional data requests.
A similar principle underpins Mastercard’s recent exploration of Fully Homomorphic Encryption (FHE) to enable secure sharing of financial crime intelligence across international borders while complying with the differing regulatory requirements in each jurisdiction. By allowing sensitive financial intelligence to be processed in encrypted form, the initiative demonstrates how PETs can help both the private and public sectors tackle risks like financial crime collaboratively, without exposing raw data.
This approach is not limited to law enforcement and finance. Public health, environmental research, and sustainability initiatives can all benefit from PETs that allow public and private entities to share sensitive data securely. Angela Chee, Director of the Institute for Infocomm Research, A*STAR, emphasised its wider role. “It could advance societal impact…whether it’s for predicting disease or enabling public-private data collaboration for climate issues, sustainability or health outcomes,” she stated.
Where PETs Go Next
As the ecosystem for PETs adoption matures, international cooperation and regulatory clarity are becoming just as critical as technical innovation. Singapore is actively working with ASEAN member states and global bodies such as the Organisation for Economic Co-operation and Development (OECD) to encourage regional adoption and enable smoother cross-border data flows. The recently launched PETs Adoption Guide, developed from the insights of the PET Sandbox use cases, provides organisations with a structured, evolving resource for evaluating and operationalising PETs securely.
For businesses, however, regulatory clarity alone is not enough. As Bojana Bellamy, President of the Centre for Information Policy Leadership (CIPL), put it: “accountability today must also include technological aspects…data privacy officers are not just lawyers anymore - they have to be technologists, sitting at the table when technology decisions are made.”
This reflects the larger trajectory of PETs: moving from promising pilots to everyday infrastructure in data innovation strategies. With maturing technology, regulatory support, and a growing body of proven deployments, PETs are poised to not only safeguard privacy compliance, but enable data to work harder for both businesses and society along new pathways for secure, trusted collaboration.
This article was originally published on 26 Aug 2025 at the Governance Age.
