Privacy-Enhancing Technologies

Task Team of the UN Committee of Experts on Big Data and Data Science for Official Statistics

UN Guide on Privacy-Enhancing Technologies for Official Statistics

This document presents methodologies and approaches to mitigating privacy risks when using sensitive or confidential data, which are collectively referred to as privacy-enhancing technologies (PETs). National Statistics Offices (NSOs) are entrusted with data that has the potential to drive innovation and improve national services, research, and social benefit. Yet, there has been a rise in sustained cyber threats, complex networks of intermediaries motivated to procure sensitive data, and advances in methods to re-identify and link data to individuals and across multiple data sources. Data breaches erode public trust and can have serious negative consequences for individuals, groups, and communities. This document focuses on PETs that protect data during analysis and dissemination of sensitive information so that the benefits of using data for official statistics can be realized while minimizing privacy risks to those entrusting sensitive data to NSOs.

Introduction

Official statistics are a trusted source of information for governments around the world to make informed, data-driven decisions. To that end, a breadth of information is collected from a range of data sources such as household and business surveys; population, economic or agricultural censuses; a variety of administrative records; and even private sector data. Those data sources are the inputs for the compilation of statistics and indicators on the economy, the environment and society. In many ways, official statistics offer a snapshot of a country's development and rate of progress. Naturally, the more fine-grained the input data, the more nuanced the official statistics can be. However, the collection, processing, and dissemination of often sensitive data must protect the privacy of persons and businesses. Additionally, viewing National Statistical Offices (NSOs) as part of national and international data ecosystems, NSOs could potentially share much more data if they were able to protect the privacy of those data. This inevitable tradeoff is the focus of this document, or more concisely: how can we use technology to mitigate privacy risks and give provable privacy guarantees throughout the collection, processing, analysis and distribution life-cycle of potentially sensitive information?

This document explores current approaches to data protection (e.g., data de-identification, input party computation, contractual controls and agreements) and their associated limitations. In order to facilitate experimentation on pilot projects and effective collaboration on "real world" use cases, the UN Privacy Preserving Techniques Task Team founded the UN PET Lab.

Two broad categories of PETs (input privacy and output privacy) are introduced, covering secure multiparty computation, homomorphic encryption, differential privacy, synthetic data, distributed learning, zero-knowledge proofs, and trusted execution environments.

Detailed case studies are presented that comprise a diverse range of use cases across sectors, leverage combinations of PETs, and involve collaboration among parties (such as multiple NSOs working together, NSOs working with other government agencies, and NSOs working with private sector organizations). Fifteen of the case studies describe implementations in the concept or pilot stage, and three describe implementations that have been deployed in production environments.

This document provides an overview of standards-making activities and identifies several new standards relevant to the processing of datasets, including standards under development and some that are a product of the precautionary principle applied to standards-making for artificial intelligence (AI).

Given the expansion of activity dealing with PETs and the contexts in which they may be applied, standards are presented in two parts. The first identifies essential standards, with sections on encryption and security techniques. The second considers indirectly related standards that could affect the environment - technical and organizational - in which PETs may be deployed, with subtopics on cloud computing, big data, governance, AI, and data quality. For those interested in the "bigger picture", there is an additional section on Related Standards.

Credits

The United Nations Guide on Privacy-Enhancing Technologies for Official Statistics was prepared by the Task Team on Privacy-Enhancing Technologies of the United Nations Committee of Experts on Big Data and Data Science for Official Statistics. We would like to acknowledge the valuable contributions of the many experts who voluntarily dedicated time and effort to the preparation of this document. Overall guidance was given by the editorial board, which was responsible for drafting the Foreword and the Executive Summary and for reviewing all chapters.

Please see the Acknowledgements section for more.