Interesting discussions here on the privacy of data stored in canisters, which I agree isn’t very private at all. IMO, any data stored by a canister should be considered as publicly available from a security point of view.
And I think that’s exactly why the proposal of public subnets makes sense. Currently, we have the worst of both worlds: we can’t rely on a subnet to keep its data private, yet we can’t verify its correct execution either. By making the blockchain public, at least we can do the latter.
To handle private data on the IC, please have a look at the proposed threshold key derivation feature. It can’t address all use cases, in particular not those that require canister-side computation on encrypted data (for that you will need advanced and much less efficient techniques like fully homomorphic encryption), but it does open a wide spectrum of B2B applications that simply route pieces of encrypted data that only get decrypted on the user’s side.