ISO/IEC 27555:2022 — Privacy Enhancing Technologies — Comprehensive Guidelines

Comprehensive guidelines for selecting and deploying Privacy Enhancing Technologies

1. Introduction to ISO/IEC 27555:2022

ISO/IEC 27555:2022 provides comprehensive guidelines for Privacy Enhancing Technologies (PETs) — a diverse set of tools, techniques, and systems designed to protect personal information while enabling data-driven value creation. As organizations increasingly rely on data analytics, artificial intelligence, and cross-border data flows, the need for robust technical privacy controls has never been more urgent. This standard fills a critical gap by offering a systematic classification of available PETs, deployment guidance tailored to different processing contexts, and organizational adoption strategies. Unlike standards that focus on a single technology (e.g., differential privacy or encryption), 27555 takes a broad view, covering everything from encryption-based PETs and anonymization techniques to advanced cryptographic protocols and system-level privacy architectures.

ISO/IEC 27555 serves as the essential “PET taxonomy” for privacy engineers, enabling informed technology selection by mapping PET capabilities to specific privacy risks and operational requirements.

2. PET Classification and Technical Landscape

The standard organizes PETs into four broad categories based on their primary privacy function. Data masking and anonymization PETs transform data at rest to reduce identifiability, including techniques like generalization, suppression, perturbation, k-anonymity, l-diversity, t-closeness, and differential privacy. Encryption-based PETs protect data in transit and at rest, including field-level encryption, format-preserving encryption, order-preserving encryption for databases, and searchable encryption enabling queries over encrypted data. Advanced cryptographic PETs enable computation on protected data without decrypting it — homomorphic encryption (partially and fully homomorphic), secure multi-party computation (MPC), and trusted execution environments (TEEs) with remote attestation. System-level privacy PETs include privacy-preserving authentication, anonymous communication networks (Tor, mix networks), private information retrieval (PIR) protocols, and federated analytics/learning architectures that keep data at the source.

PET Category | Technologies | Privacy Guarantee | Maturity | Performance Impact
--- | --- | --- | --- | ---
Data Masking | Generalization, k-anonymity, differential privacy | Statistical privacy | High (production-ready) | Low-Medium
Encryption-based | AES-256, searchable encryption, OPE | Confidentiality + limited queryability | High | Low-High (varies)
Advanced Crypto | Homomorphic encryption, MPC, TEE | Computation on encrypted data | Medium (FHE still slow) | Very High (FHE: 10^6x slowdown)
System-level | Tor, PIR, federated learning | Communication privacy, data locality | Medium-High | Medium-High (latency, bandwidth)

A key insight from the standard: no single PET solves all privacy challenges. Effective privacy engineering requires layered deployment — combining encryption for data in transit, anonymization for published data, and access controls at the system level.
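The data-masking techniques named above (generalization, suppression, k-anonymity, l-diversity) are easiest to understand on a concrete dataset. The following Python is an added example, not code from the standard or from this page: it generalizes quasi-identifiers, measures k-anonymity and l-diversity, and suppresses classes that stay too small. The records, the quasi-identifier choice and the thresholds are all constructed for the demonstration.

```python
from collections import defaultdict

# Constructed sample of health records; age and zip are quasi-identifiers,
# diagnosis is the sensitive attribute that must not be linkable to a person.
RECORDS = [
    {"age": 29, "zip": "13053", "diagnosis": "flu"},
    {"age": 22, "zip": "13068", "diagnosis": "flu"},
    {"age": 27, "zip": "13053", "diagnosis": "cancer"},
    {"age": 43, "zip": "14850", "diagnosis": "flu"},
    {"age": 48, "zip": "14853", "diagnosis": "heart"},
    {"age": 47, "zip": "14850", "diagnosis": "cancer"},
    {"age": 36, "zip": "13222", "diagnosis": "cancer"},
    {"age": 35, "zip": "13222", "diagnosis": "flu"},
]
QUASI_IDENTIFIERS = ("age", "zip")
SENSITIVE = "diagnosis"


def generalize(record, age_bucket=10, zip_digits=3):
    """Generalization + suppression: bucket the age, blank the trailing zip digits."""
    lo = (record["age"] // age_bucket) * age_bucket
    zipcode = record["zip"]
    return {
        "age": f"{lo}-{lo + age_bucket - 1}",
        "zip": zipcode[:zip_digits] + "*" * (len(zipcode) - zip_digits),
        SENSITIVE: record[SENSITIVE],
    }


def equivalence_classes(records, qids=QUASI_IDENTIFIERS):
    """Group records that share identical quasi-identifier values."""
    classes = defaultdict(list)
    for r in records:
        classes[tuple(r[q] for q in qids)].append(r)
    return dict(classes)


def k_anonymity(records, qids=QUASI_IDENTIFIERS):
    """k = size of the smallest equivalence class (each record hides among k-1 others)."""
    return min(len(c) for c in equivalence_classes(records, qids).values())


def l_diversity(records, qids=QUASI_IDENTIFIERS, sensitive=SENSITIVE):
    """l = fewest distinct sensitive values in any class. k-anonymity alone does not
    stop an observer from learning the diagnosis when a whole class shares it."""
    return min(len({r[sensitive] for r in c})
               for c in equivalence_classes(records, qids).values())


def suppress_small_classes(records, k, qids=QUASI_IDENTIFIERS):
    """Drop records whose class is smaller than k (the usual last step after generalization)."""
    classes = equivalence_classes(records, qids)
    return [r for c in classes.values() if len(c) >= k for r in c]


def release(records, k=2, l=2):
    """Generalize, suppress to reach k, then verify l-diversity before publishing."""
    published = suppress_small_classes([generalize(r) for r in records], k)
    if not published or l_diversity(published) < l:
        raise ValueError("release would not satisfy l-diversity; coarsen further or suppress more")
    return published


if __name__ == "__main__":
    print("raw data k =", k_anonymity(RECORDS))            # every age is unique: k = 1
    published = release(RECORDS, k=2, l=2)
    print("published k =", k_anonymity(published), "l =", l_diversity(published))
    for row in published:
        print(row)
```

Raising the thresholds (for example k=3, l=3) makes `release` refuse the dataset, which is the behaviour you want from a publication gate: the check fails closed instead of shipping a dataset with a homogeneous class.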

3. Deployment Strategies and Organizational Adoption

ISO/IEC 27555 provides structured deployment guidance organized by data processing phases: collection, storage, processing, sharing, and disposal. For each phase, the standard recommends specific PETs and configurations. During collection, PETs such as client-side differential privacy and minimal disclosure protocols should be applied before data leaves the user’s device. During storage, encryption-at-rest with hardware-backed key management is the baseline, supplemented by tokenization or pseudonymization for structured databases. During processing, the standard guides readers through the trade-offs between fully homomorphic encryption (maximum security, very high computational cost), secure enclaves (strong security with practical performance), and federated computation (balanced approach). The standard also addresses organizational adoption challenges: PET expertise scarcity, integration with legacy systems, performance budgeting, and the need for privacy engineering roles. It recommends a maturity model approach where organizations progress from basic encryption-only deployments toward comprehensive multi-PET architectures as their privacy program matures.

The standard’s deployment decision trees have been adopted by several national data protection authorities as reference architecture for privacy-compliant data processing in regulated sectors.

4. Frequently Asked Questions

Q1: How do I choose between differential privacy and anonymization for publishing statistical data?
The standard recommends differential privacy when the data will be used for aggregate statistical queries and the privacy budget can be managed. Anonymization (k-anonymity etc.) is preferred when the data will be published as a complete dataset and must support ad-hoc analyses by data recipients.
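The condition in the answer, that "the privacy budget can be managed", is the operational core of a differential-privacy deployment. The Python below is an added example (not code from the standard or this page) of the Laplace mechanism with a budget accountant that charges every query under sequential composition and refuses queries once epsilon is spent. The sample records and the budget of epsilon = 1.0 are constructed for the demonstration.

```python
import math
import random


class PrivacyBudget:
    """Tracks cumulative epsilon spent under basic sequential composition.

    Every query charges its epsilon before the data is touched; once the budget is
    exhausted, further queries are refused rather than silently weakening the guarantee.
    """

    def __init__(self, total_epsilon):
        if total_epsilon <= 0:
            raise ValueError("total epsilon must be positive")
        self.total = float(total_epsilon)
        self.spent = 0.0

    @property
    def remaining(self):
        return self.total - self.spent

    def charge(self, epsilon):
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.total + 1e-12:
            raise RuntimeError(
                f"privacy budget exhausted: need {epsilon}, remaining {self.remaining:.3f}"
            )
        self.spent += epsilon


def laplace_noise(scale, rng=random):
    """Sample Laplace(0, scale) by inverse CDF; rng only needs a random() method."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_count(records, predicate, epsilon, budget, rng=random):
    """Counting query (sensitivity 1) released with Laplace(1/epsilon) noise."""
    budget.charge(epsilon)
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon, rng)


def dp_sum(records, key, lower, upper, epsilon, budget, rng=random):
    """Bounded-sum query: values are clipped to [lower, upper] so that one record can
    move the result by at most max(|lower|, |upper|); noise is scaled to that sensitivity."""
    budget.charge(epsilon)
    sensitivity = max(abs(lower), abs(upper))
    total = sum(min(max(r[key], lower), upper) for r in records)
    return total + laplace_noise(sensitivity / epsilon, rng)


# Constructed sample (patient ages); the analyst is granted a total budget of epsilon = 1.0.
SAMPLE = [{"age": a} for a in (29, 22, 27, 43, 48, 47, 36, 35)]

if __name__ == "__main__":
    budget = PrivacyBudget(total_epsilon=1.0)
    print("noisy count age<40:", round(dp_count(SAMPLE, lambda r: r["age"] < 40, 0.5, budget), 1))
    print("noisy sum of ages :", round(dp_sum(SAMPLE, "age", 0, 100, 0.5, budget), 1))
    try:
        dp_count(SAMPLE, lambda r: True, 0.1, budget)   # third query exceeds the budget
    except RuntimeError as err:
        print("refused:", err)
```

The accountant is deliberately the only path to the data: an analyst who can run the raw count alongside the noisy one has already defeated the mechanism, so the guard belongs in front of the query interface, not in the client.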
Q2: Is homomorphic encryption ready for production use?
Partially homomorphic encryption (PHE) and somewhat homomorphic encryption (SHE) are production-ready for specific use cases like encrypted payment processing. Fully homomorphic encryption (FHE) remains too computationally expensive for most applications, though performance is improving rapidly.
Q3: What PETs are recommended for cloud data processing?
The standard recommends a layered approach: (1) encryption-in-transit (TLS 1.3), (2) encryption-at-rest with customer-managed keys (CMK), (3) tokenization or pseudonymization of PII fields before cloud upload, and (4) confidential computing (TEE/AMD SEV/Intel SGX) for in-memory data processing.
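Step (3) of that layered approach, tokenizing PII before the upload, is the one a development team implements itself, so here is an added Python example (not code from the standard, this page, or any cloud provider). It uses keyed HMAC-SHA256 tokens so the cloud side, which never holds the key, cannot reverse or enumerate tokens of low-entropy values such as e-mail addresses; the on-premises vault keeps the mapping for authorised re-identification. The key, field list and record are constructed for the demonstration, and the on-premises key store is an assumption.

```python
import hashlib
import hmac
import json


class Pseudonymizer:
    """Replaces PII fields with keyed tokens before a record leaves the trust boundary.

    Tokens are HMAC-SHA256 over the field value under a key that stays on-premises
    (assumed to be held in an HSM or equivalent key store). Equal values yield equal
    tokens, so records remain joinable in the cloud without exposing the raw value.
    """

    def __init__(self, key: bytes, pii_fields):
        if len(key) < 32:
            raise ValueError("use a key of at least 256 bits")
        self._key = key
        self.pii_fields = frozenset(pii_fields)
        self._vault = {}   # (field, token) -> original value; stays on-premises

    def token(self, field: str, value: str) -> str:
        # The field name is bound into the MAC so the same string in two different
        # fields does not produce the same token (no cross-field linkage).
        msg = f"{field}\x00{value}".encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def pseudonymize(self, record: dict) -> dict:
        out = dict(record)
        for field in self.pii_fields.intersection(record):
            t = self.token(field, str(record[field]))
            self._vault[(field, t)] = record[field]
            out[field] = t
        return out

    def reidentify(self, record: dict) -> dict:
        """Authorised reverse lookup; only possible where the vault lives."""
        out = dict(record)
        for field in self.pii_fields.intersection(record):
            out[field] = self._vault[(field, record[field])]
        return out

    def contains_raw_pii(self, payload: str, record: dict) -> bool:
        """Pre-upload guard: does the serialized payload still carry any raw PII value?"""
        return any(str(record[f]) in payload for f in self.pii_fields.intersection(record))


if __name__ == "__main__":
    # Constructed demo key; a real deployment loads it from the on-premises key store.
    demo_key = bytes(range(32))
    p = Pseudonymizer(demo_key, ["email", "name"])
    record = {"email": "alice@example.com", "name": "Alice", "plan": "pro"}
    cloud_copy = p.pseudonymize(record)
    payload = json.dumps(cloud_copy)
    print("upload payload:", payload)
    print("raw PII present:", p.contains_raw_pii(payload, record))
    print("round trip ok :", p.reidentify(cloud_copy) == record)
```

The `contains_raw_pii` check is a cheap last line of defence for the case where a new field is added to the schema but not to the PII list; it catches the raw value in the outbound payload before it reaches the cloud.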
Q4: How does federated learning fit into the PET landscape?
Federated learning is classified as a system-level PET. It reduces privacy risk by keeping raw data on local devices, but is not a complete privacy solution — model updates can still leak information, so the standard recommends combining federated learning with differential privacy (DP-FL) and secure aggregation.
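The combination the answer recommends, secure aggregation plus differential privacy, can be shown end to end in a few dozen lines. The Python below is an added example (not code from the standard or this page): each client clips its update, adds Gaussian DP noise, quantizes to fixed point and then applies pairwise masks that cancel in the server's sum, so the server learns the aggregate update but no individual client's contribution. The pairwise secrets are constructed here; a real deployment would establish them with a key-agreement step that is out of scope.

```python
import hashlib
import math
import random

MOD = 2 ** 32      # masked words live in Z_MOD so the masks cancel exactly
SCALE = 1000       # fixed-point quantization: three decimal places


def prg(seed: bytes, length: int):
    """Expand a shared seed into `length` mask words (SHA-256 in counter mode)."""
    return [
        int.from_bytes(hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()[:4], "big")
        for ctr in range(length)
    ]


def clip(update, max_norm):
    """Bound each client's contribution (L2 norm) so DP noise can be calibrated to it."""
    norm = math.sqrt(sum(x * x for x in update))
    if norm > max_norm:
        return [x * max_norm / norm for x in update]
    return list(update)


def client_message(cid, update, shared_secrets, n_clients, max_norm, noise_sigma, rng=random):
    """Client side: clip, add Gaussian DP noise, quantize, then add pairwise masks.

    shared_secrets[(i, j)] with i < j is known only to clients i and j (assumed to come
    from key agreement). Client i adds the pair's mask and client j subtracts it, so
    every mask vanishes once the server sums all messages.
    """
    clipped = clip(update, max_norm)
    noisy = [x + (rng.gauss(0.0, noise_sigma) if noise_sigma > 0 else 0.0) for x in clipped]
    words = [round(x * SCALE) % MOD for x in noisy]
    for other in range(n_clients):
        if other == cid:
            continue
        mask = prg(shared_secrets[(min(cid, other), max(cid, other))], len(words))
        sign = 1 if cid < other else -1
        words = [(w + sign * m) % MOD for w, m in zip(words, mask)]
    return words


def server_aggregate(messages):
    """Server side: add the masked vectors; only the aggregate update is recoverable."""
    total = [0] * len(messages[0])
    for msg in messages:
        total = [(t + w) % MOD for t, w in zip(total, msg)]
    # decode signed fixed-point (valid while |aggregate| stays below MOD / 2)
    return [(t - MOD if t >= MOD // 2 else t) / SCALE for t in total]


def run_round(updates, shared_secrets, max_norm=10.0, noise_sigma=0.0, rng=random):
    """One federated round: every client sends a masked message, the server sums them."""
    n = len(updates)
    msgs = [client_message(i, u, shared_secrets, n, max_norm, noise_sigma, rng)
            for i, u in enumerate(updates)]
    return server_aggregate(msgs)


# Constructed demo secrets and model updates (three clients, three parameters).
DEMO_SECRETS = {(i, j): f"demo-secret-{i}-{j}".encode()
                for i in range(3) for j in range(i + 1, 3)}
DEMO_UPDATES = [[0.5, -1.25, 2.0], [1.0, 0.75, -0.5], [-0.25, 0.5, 0.125]]

if __name__ == "__main__":
    print("one masked message :", client_message(0, DEMO_UPDATES[0], DEMO_SECRETS, 3, 10.0, 0.0))
    print("aggregate, no noise:", run_round(DEMO_UPDATES, DEMO_SECRETS))
    print("aggregate, sigma=.1:", [round(v, 2) for v in run_round(DEMO_UPDATES, DEMO_SECRETS, noise_sigma=0.1)])
```

With `noise_sigma=0` the decoded aggregate equals the plain sum exactly, which is the correctness check for the masking; with noise enabled the aggregate carries the DP perturbation, and the clipping bound `max_norm` is what makes that noise level meaningful. The example does not handle client dropout, which production secure-aggregation protocols address with secret-shared seeds.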
