Privacy enhancing technologies (PETs) have evolved from academic concepts to practical tools that can transform how organizations handle sensitive data. In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan welcome Monisha Varadan, EMEA Privacy Lead at Google, for an in-depth exploration of how PETs work in practice and why they matter more than ever in the age of AI.

What You'll Learn: 

Monisha Varadan is the EMEA Privacy Lead and Senior Privacy Engineer at Google, based in Paris, where she sits in the DPO office within the Privacy, Safety, and Security organization. With over twenty years of experience working across various industries and geographies, including previous roles as Head of Chrome Partnerships for APAC at Google, Monisha brings a unique perspective on privacy that spans technical solutions, regional regulatory variations, and cultural differences in privacy expectations. She is also a Lecturer in Corporate Entrepreneurship at INSEAD and Partner at Zephyr Ventures. Her work focuses on helping organizations understand that privacy is both a cultural and technical change process, and she has become a leading voice in making privacy enhancing technologies more accessible and practical for organizations of all sizes.

If you enjoyed this episode, make sure to subscribe, rate, and review it.

The conversation about PETs often centers on compliance, but Monisha reframes them as powerful business enablers. Privacy enhancing technologies make previously impossible use cases possible by allowing organizations to use data in privacy-preserving ways. Rather than viewing PETs solely as mechanisms to comply with regulations like GDPR, privacy professionals should present them to business stakeholders as tools that unlock new opportunities. This shift in framing is crucial for getting buy-in from revenue teams and C-level executives who may otherwise see privacy as a cost center or obstacle to innovation. For organizations considering PET implementation, the key message is that these technologies can solve real business problems—enabling data sharing, analysis, and innovation that would otherwise be blocked by privacy concerns. Privacy professionals should learn to speak the language of business enablement when advocating for PET adoption.

Monisha challenges the common practice of considering PETs only at the DPIA stage or when trying to mitigate privacy risks after a product is already designed. Instead, organizations should think about PETs from the very beginning—when first developing a product idea that involves data use. Integrating PET consideration into the earliest stages of product development makes implementation much more intuitive and effective than retrofitting privacy solutions later. This early integration aligns with true privacy by design principles, where privacy isn't an afterthought but a fundamental part of the product development process. For privacy professionals, this means engaging with product teams at the ideation stage, not just during formal privacy assessments. Organizations that make PET consideration instinctive and cultural from the start will find implementation significantly easier than those trying to solve privacy problems after the fact.

Monisha brings PETs to life with concrete examples from Google products. The "busyness times" feature in Google Maps uses differential privacy by introducing noise into location data, allowing users to see crowd levels at locations without revealing individual movements. This same technology powered COVID-19 mobility reports that helped governments understand movement patterns during the pandemic without compromising individual privacy. These examples demonstrate that the goal isn't to know exactly who was where, but rather to understand aggregate patterns—the number of people, not their identities. Privacy professionals can use these examples to help stakeholders understand that PETs allow you to get the insights you need while protecting individual privacy. The key is being clear about what you actually need from the data versus what would be nice to have, and designing your data collection accordingly.

Throughout the conversation, Monisha provides crucial reality checks about PET implementation. It's not as easy as taking a PET "off the shelf" and solving all your problems—it takes significant work, iteration, and careful selection of the right tool for the right use case. There's a substantial gap between conceptual PETs (how they work in theory) and practical PETs (how to actually implement them), and organizations are still building bridges across this gap. Using a PET doesn't automatically mean you've "ticked a GDPR box"—you still need to think carefully about how you're using the technology and the data. However, despite these challenges, progress is happening. The PET landscape is becoming more accessible through startups building practical implementations, open-source libraries, and better tooling. For privacy professionals just starting to explore PETs, Monisha's advice is clear: don't be discouraged by the complexity, but do approach implementation with realistic expectations, invest in understanding which PET solves which problem, and be prepared for iteration and experimentation.