Privacy enhancement technologies
Data protection and privacy
The digital age has brought about a revolution at every level. Technology is advancing at a dizzying pace, transforming industries, services and human relationships. The amount of data generated daily is estimated at more than 400 million terabytes per day, or 0.4 zettabytes per day, and is forecast to reach 394 zettabytes by 2028. But how is all this information protected in a hyperconnected world? At Iberdrola, the answer lies in ethical innovation and technologies that guarantee security without slowing progress.
All this information can come from multiple sources: personal and payment data from private and public companies, browsing and shopping data, behaviour data from social networks; data extracted from all kinds of devices such as smartwatches, sensors... Its applications are numerous and thanks to this amount of information, artificial intelligence systems have been launched, digital platforms that offer personalised services, predictive algorithms with applications in health, finance, marketing... However, we cannot lose sight of the main generators of all this information: people.
The importance of data protection and privacy in the age of technology
Digital transformation is not just a matter of efficiency or innovation. It is an opportunity to build a fairer, more inclusive and more human future. And on that path, having all the necessary measures to protect data and its privacy ensures that technological progress is made with respect, with ethics and with responsibility.
Here we enter the field of cybersecurity, in which privacy enhancement technologies (PET) play a fundamental role. These are tools that protect personally identifiable information (PII) and minimise security risks. And they achieve this without losing the functionality of that information – that is, they allow data to be used that would otherwise be unavailable to improve services and advance technologically, while complying with current legislation.
Their use not only helps respect privacy regulations and data protection but also guarantees the security of the business as a whole by preventing breaches and improving its resilience.
Protecting data is not just about complying with the law: it is about safeguarding the freedom and trust of millions of people. At Iberdrola, we apply ethical principles and advanced technologies so that each innovation respects privacy by design.
What the law says about data protection and privacy
Today, more than ever, we must understand privacy not just as a legal requirement, but as a strategic value. Protecting personal data is protecting the freedom, autonomy and dignity of each individual. It is recognising that behind each piece of data there is a story, a life, a person.
In a digital environment where everything is measured, analysed and predicted, privacy acts as a guiding principle that helps ensure that technological development remains aligned with ethical values and respect for individual rights.
The importance of properly protecting data makes it necessary to have regulations that provide a foundation on which companies must work. One of the pioneering and most influential is the General Data Protection Regulation (GDPR) enacted by the European Union in 2018. This law affects any organisation that processes the data of EU citizens, even if its headquarters are outside the EU.
Among the keys to its compliance are explicit consent to store and use data, data minimisation, the right to be forgotten, portability and notification of security breaches within 72 hours.
It also protects against the collection and use of data on a person's racial or ethnic origin, sexual orientation, political opinions, religious or philosophical convictions, trade union membership, health or biometric data (except with explicit consent) or criminal offences with the aim of preventing any kind of discrimination.
For its part, the United Kingdom created the UK Data Protection Act 2018, its own version of the GDPR following Brexit. In the case of the United States, there are no federal regulations that apply across the country; instead, each state or sector has designed its own rules. However, in the rest of the countries of the world, legislation is being implemented at the national level that addresses data processing by private entities with differences applied to each region.
Which privacy enhancement technologies exist?
Technological advances have led to the generation of an almost unimaginable volume of data. To protect that data properly, understanding both the opportunities and the risks, it is essential for companies to understand and use privacy-enhancing technologies.
Data obfuscation tools
This is a technology that "clouds" data by processing it locally and adding noise, deleting and/or hiding data to make identification difficult.
Encrypted data-processing tools
One of the most important technologies for data privacy. Processing data has always been a vulnerable point, as it was necessary to decrypt it to work with it. This type of tool allows data to be processed without having to decrypt it, so it keeps it hidden but does not modify it like data obfuscation technologies.
Federated and distributed analysis
This makes it possible to carry out analytical tasks, such as training models, using data that is neither visible to nor accessible by the party executing the task. In this way, the data remains safeguarded by those responsible for storing it and stays confidential, even though it is being analysed by third parties.
Data accountability tools
These are not considered strictly PETs because their primary purpose is not to protect data confidentiality at a technical level. However, they are designed to enforce and ensure compliance with regulations governing how data is processed, giving organisations and users greater agency and control. In other words, they bring transparency and immutability to transactions, placing part of the decision-making power in the hands of users.
Privacy and security by design
Companies that are committed to ethical digital transformation understand that trust is their most valuable asset. Incorporating these privacy enhancement technologies from the design stage, applying data minimisation principles, ensuring transparency in the use of algorithms... are practices that not only comply with the law, but also build reputation, loyalty and legitimacy.
Ethical innovation starts in the design phase. Integrating privacy from the outset – what we call “privacy by design and by default” – makes it possible to create products and services that respect the user without the need for later corrections. It is a way of anticipating, of preventing, of caring.
Tools such as Binding Corporate Rules (BCRs) allow multinational organisations to protect data uniformly in all countries where they operate. Meanwhile, privacy seals and independent certifications offer additional guarantees to users, demonstrating that data protection is not just a promise, but a verified reality.
Ethics in the age of data, a business and social purpose
It is not only a matter of how data is protected, but also how it is used. New technologies offer extraordinary opportunities. Artificial intelligence can improve medical diagnoses, personalise education or anticipate energy needs. Biometrics enable secure and fast access. The Internet of Things connects homes, cities and companies in real time. The amount of data generated is almost unimaginable.
And this entails a series of risks: algorithms that perpetuate bias, systems that monitor without consent, devices that collect data without transparency. And these risks do not affect everyone equally. Vulnerable groups – children, older people, people with disabilities – are the most exposed. That is why digital ethics are not a luxury, but a necessity. In addition to including privacy enhancement technologies, it is essential to establish processes that advance society as a whole, without bias.
That is why privacy is not the brake on innovation. It is its ethical engine. It is what allows technology to advance without leaving anyone behind. In an increasingly automated world, protecting privacy is protecting what is human.
Companies that understand this are leading a new era: the era of digitalisation with soul. An era in which technology serves not only to do more, but to do better. And on that path, privacy will always be our best ally.
Privacy: a strategic value for Iberdrola
At Iberdrola we incorporate privacy as an essential principle in all our processes and technological solutions. We apply the approach of "privacy by design and by default", integrating from the initial phase tools such as anonymisation, advanced encryption and secure execution environments to ensure that personal data is protected without compromising functionality. We also use federated analytics models and encrypted data processing techniques to develop innovative projects without exposing sensitive information.
These technologies not only allow us to comply with the most demanding regulations, such as the GDPR, but also strengthen business resilience, prevent breaches and offer our stakeholders the confidence that their data is managed with ethics, transparency and responsibility.
Our commitment is clear: to drive energy innovation while protecting privacy as a strategic value.
At Iberdrola, our vocation to serve drives us towards continuous improvement. This is only possible by understanding and using the data available to us to improve the energy system and, of course, our services. And we are aware of the value of the information we manage and the need to protect it. That is why we integrate privacy enhancement technologies from the moment of design.