Quantum technologies harness the principles of quantum mechanics to offer revolutionary advances in computing, communications, sensing, timing and imaging. They encompass a broad range of enabling technologies, with potential applications across diverse fields from medicine to finance, defence, law enforcement, materials science and public infrastructure.
As the UK’s data protection regulator, we want to ensure that people’s personal information 1, privacy and information rights are protected in a quantum-enabled future. We also want to encourage the UK’s quantum industry to innovate responsibly, and consider any privacy implications at an early stage. This report examines what a quantum-enabled future could look like, through a data protection and information rights lens.
This report spans the range of quantum technologies, from quantum sensing, timing and imaging to quantum computing and quantum communications. It considers use cases in domains such as medicine, finance, communications and law enforcement and explores when they may develop. While many applications that are relevant to us will not emerge until the medium to long term, some impacts are being felt now.
In particular, we are seeing the first steps towards the future “state of the art” in cyber security in response to the expected impact of quantum computing on cryptography. Larger organisations, such as digital service providers or financial service providers, should start to prepare for the transition to post-quantum cryptography 2. This could include identifying and reviewing their at-risk information and systems, while also maintaining good resilience against existing cyber risks. People and smaller organisations using standard operating systems should keep up-to-date with regular software updates. This will help to protect their devices and systems against current and future cyber risks.
Beyond information security issues, the advanced capabilities and convergence of quantum and classical technologies may exacerbate some existing privacy risks in future. As well as enable new opportunities to protect personal information. Material risks to people’s privacy are more likely to arise if applications of these technologies are misused or not deployed lawfully, fairly and transparently, or without regard to people’s rights and freedoms.
At this early stage, industry and the ICO have a promising window of opportunity to engage and learn from each other. To help work towards a quantum-enabled future, we will:
- continue to work with the National Cyber Security Centre to raise awareness of cyber security risks arising from quantum computing, updating our guidance on encryption in line with the transition to post-quantum cryptography;
- continue to engage with, learn from and share our perspective with industry, the National Quantum Computing Centre, the UK’s Quantum Hubs, the Office for Quantum and other regulators on developments in wider quantum technologies; and
- consider sandbox applications for any quantum technology use cases likely to come to market in the next three years that may involve processing personal information.
This report represents our early-stage thinking on the intersection of quantum technologies and data protection. We do not intend it as guidance. Should you wish to continue the conversation, please contact us at: [email protected].
1 any information relating to an identifiable living individual.
2 Post-quantum cryptography: what comes next? - NCSC.GOV.UK; Next steps in preparing for post-quantum cryptography - NCSC.GOV.UK. The NCSC defines a large organisation as one with more than 250 employees.