Establishing controls for lawful secondary data processing when consent alone is not enough
LONDON and BRUSSELS, Jan. 24, 2020 /PRNewswire/ -- An industry led discussion on the implementation of pseudonymisation as a technological safeguard alongside data protection legislation was one of the main highlights of day two of the 13th International CPDP Data Protection and Artificial Intelligence Conference being held in Brussels this week.
During an interactive panel session moderated by Gary LaFever, Co-founder, CEO and General Counsel of data privacy and enablement technology provider, Anonos, a number of leading experts from across the privacy and data protection industry discussed the technical and organizational controls necessary for lawful AI and secondary data processing when consent is not enough.
The panel included Giuseppe D'Acquisto, senior technology advisor for the Italian Data Protection Authority, Ailidh Callander, a lawyer at Privacy International, Steffen Weiss, legal counsel for data protection and head of international affairs at the German Society for Data Protection and Data Security; and Magali Feys, a specialist technology lawyer at AContrario.Law.
Pseudonymisation, which is legally defined for the first time at the EU level in the GDPR, was widely discussed as a positive technological solution for enabling the ethical and legal processing of data for secondary purposes when consent is not enough on its own to satisfy legitimate interest. Key to this, the panel advocated, is the need for technology solutions to go hand in hand with privacy and data protection policies and regulations in not only helping to enforce legal and best practices, but also to enable the multiple possibilities to share, collaborate and innovate with data lawfully and ethically.
The panel discussed how Articles 25 and 32 of the GDPR refer to pseudonymisation as both an innovation enabler and a protection mechanism. While much attention has been focused on pseudonymisation as a means of making data more secure, panellists advocated the need for more attention on its role as an innovation enabler by generating protected identities with appropriate and necessary safeguards.
Further discussions advocated the need for technological solutions, including pseudonymisation, to be thought of as a means of companies and organisations being able to provide evidence of demonstrable accountability. Panellists agreed, there is a need for underlying frameworks and transparent policies that technology helps to enforce.
Gary LaFever, Co-founder, CEO and General Counsel of data privacy and enablement technology provider, Anonos, commented: "In today's data-driven world, new technical measures are necessary to balance data innovation and protection of individual privacy rights when consent is not enough. The use of consent as a GDPR legal basis for repurposing personal data is severely restricted; this is particularly relevant in the case of iterative secondary processing of personal data required for analytics, machine learning, and AI. New technical safeguards like pseudonymisation overcome limitations of consent to ensure protection of individual privacy rights while still enabling data-driven innovation."
Anonos has been working in the data protection and enablement space since 2012 enabling lawful data use for numerous companies across the globe. Recognised by IDC, Gartner and Forrester, Anonos is more than just GDPR compliance technology. It engineers privacy into solutions to enable lawful Analytics and Big Data to enable ongoing innovation for a range of industries and disciplines.
As one of the world's leading conferences in data protection, CPDP gathers academics, lawyers, practitioners, policy makers, industry and civil society from all over the world to exchange ideas and discuss the latest emerging issues and trends relating to legal, regulatory, academic and technological development in privacy and data protection.
Anonos enables lawful analytics, AI and ML that preserves 100% of data accuracy while expanding opportunities to ethically share and combine data. Anonos Pseudonymisation and Data Protection by Design & by Default technology reconciles conflicts between protecting the rights of individuals and achieving business and societal objectives to use, share, combine and relink data in a lawful manner. Anonos patented Variant Twins® enable sharing, collaboration, and analytics of personal data by technologically enforcing dynamic, fine-grained privacy, security and data protection policies in compliance with the GDPR, CCPA and other evolving data privacy regulations. https://www.anonos.com
CPDP is a non-profit platform originally founded in 2007 by research groups from the Vrije Universiteit Brussel, the Université de Namur and Tilburg University. The platform was joined in the following years by the Institut National de Recherche en Informatique et en Automatique and the Fraunhofer Institut für System und Innovationsforschung and has now grown into a platform carried by 20 academic centers of excellence from the EU, the US and beyond. As a world-leading multidisciplinary conference CPDP offers the cutting edge in legal, regulatory, academic and technological development in privacy and data protection. Within an atmosphere of independence and mutual respect, CPDP gathers academics, lawyers, practitioners, policy-makers, industry and civil society from all over the world in Brussels, offering them an arena to exchange ideas and discuss the latest emerging issues and trends. This unique multidisciplinary formula has served to make CPDP one of the leading data protection and privacy conferences in Europe and around the world.
Liberty Communications on behalf of Anonos
+44 203 514 1801