Anonos technology supports new legal bases now required for desired business outcomes and use cases to remain lawful under the GDPR, CCPA and other evolving data protection laws in a way that competitive offerings are unable to achieve
Data Sharing / Analytics / AI
Life Sciences Research
WHAT HAS CHANGED?
New data privacy laws mean that the days of unfettered and unfiltered use of data are over and that more than written policies and standard procedures are required.
WHY IT MATTERS?
If companies do not correct this, they can find themselves using illegal "Conflict Data" that taints the legality, accuracy and value of Analytics & AI.
HOW TO FIX IT?
Anonos technology transforms illegal "Conflict Data" from Liability into legally compliant "Fair Trade Data," that delivers a new competitive advantage.
Conflict Data describes the risk of personal information concerning an individual being used to the disadvantage of that person.; It is analogous to "conflict diamonds" being used against a country in which they are illegally mined to the disadvantage of the country.
The GDPR requires technical and organisational safeguards to enable secondary use of data by enabling a new compatible legal basis.
Anonos helps businesses become data-driven without compromising GDPR compliance obligations.
Anonos is more than GDPR compliance technology. It engineers privacy into solutions to enable analytics.
Maximizes the business value of Analytics, AI and ML...
...by delivering the highest data fidelity, accuracy, portability and context to...
...Enable legal compliance with evolving data privacy laws.
What changed? The recent European Data Protection Board (EDPB) Opinion 3/2019 stipulates the opinion of the Board that “informed consent” for life science purposes does not satisfy requirements for consent as a legal basis under the GDPR. This opinion took many people in the industry by surprise and means that participants engaged in EU life science research are at immediate risk of interrupted business operations, reputational damage, enforcement action, liability, and penalties unless they support an alternate legal basis.
Is there a solution? Anonos patented BigPrivacy technology enables life science firms to do more with data in compliance with EU data protection requirements in a way that is not supported by competitive technologies.
Benefits of GDPR Compliant Pseudonymisation for Life Science Research:
1) Increasing the risk of liability and uncertainty surrounding the use of data collected in the EU for clinical trials/medical device studies under recent controversial guidance from the European Data Protection Authority; and
2) Reducing data collected in the US to be used for EU and global studies by complying with more stringent privacy obligations.
3) Enabling the ability to analyze, share and combine global clinical trial/medical device data in compliance with evolving global data protection laws;
The benefits of properly pseudonymised data using Anonos BigPrivacy technology are highlighted in multiple GDPR Articles, specifically in:
Pre-GDPR approaches to pseudonymisation require a trade-off between maximizing data protection and data utility resulting in either less accurate data or less secure data. This is because of the use of static (persistent) tokens to replace direct identifiers only so: (i) pseudonymised records can be combined with additional information to enable re-identification; and (ii) indirect identifiers can be combined or enriched with additional information leading to unauthorized disclosure – this is often referred to as unauthorized re-identification via inference attacks or the “Mosaic Effect.”
With GDPR compliant pseudonymisation using Anonos BigPrivacy, the conflict between data protection and utility is resolved by transforming data dynamically using patented algorithms to contain only pseudonymised versions of required data elements (direct and indirect identifiers) authorized for each use or analysis. Different users receive use-case specific pseudonyms all originating from the source data, significantly enhancing downstream data utility, even on privacy-enhanced data.
Pre-GDPR Pseudonymisation versus GDPR Compliant Pseudonymisation
How GDPR compliant pseudonymisation requirements have evolved from prior standards:
In addition, the TED Talk on Big Data Needs BigPrivacy (6 min) highlights how Anonos BigPrivacy technology maximises lawful collection, use, combination, sharing and processing of personal health data without compromising data value under domestic and international data protection regimes.
1. Prior to the GDPR going into effect, you could collect data using general consent like that provided by a Cookie Wall.
2. However, now data collected without complying with new GDPR requirements is ILLEGAL.
3.There is NO grandfather or savings clause that enables you to continue to legally possess or store data collected in noncompliance with the GDPR.
Try to get specific unambiguous and voluntary consent – but must always have a non-consent legal basis if you want to use data from people who do not reconsent or in secondary processing like Analytics, AI and ML.
Making the data unlinkable to individuals significantly degrades the utility of having the data.
This is a “nuclear option” and eliminates all value of the data.
Using encryption, hashing, etc. will not support a new GDPR legal basis of Legitimate Interest processing because using the data exposes data subjects to the risk of unauthorized re-identification.
Solving data sovereignty issues while enabling analytics.
Some of the largest banks in Europe recognise that - unlike any other technology - level as well as at a course-grained policy level enabling them to maximise the use and value of their data while maintaining jurisdictional data sovereignty and localization compliance. This is critical since they do business in many countries around the globe. They have petabytes of data that could not be integrated and managed for analytics and AI without BigPrivacy non-identifying. Variant Twin data to support new, non-consent-based legal basis for processing EU personal data under the GDPR.
Banks are also able to transfer maximum data to the cloud due to the portability of non-identifying BigPrivacy Variant Twin data among processing locations enabling cloud providers to more fully leverage cloud scalability, load balancing, etc.
Many banks desire to consolidate data lakes into one or several centralised locations to enable real time consolidated data analytics on a real-time, selectively controlled basis.
The problem is that traditional data protection technologies are one-directional, requiring that all data and all use cases be presented at the time that data protection is applied. The introduction of new use cases or addition of more data nullifies the data protection. In contrast, BigPrivacy supports multi-directional data protection by leveraging Variant Twin data that is specifically processed for the person, purpose, place associated with each authorised data use in real-time.
Other data protection technologies do not support dynamic pseudonymisation, something that BigPrivacy uniquely enables. As a result, BigPrivacy provides firms with an API to dynamically pseudonymise data enabling them them to selectively control real-time data analytics across the consolidated data lake.
A major bank in Europe is leveraging BigPrivacy Variant Twin data to enable sharing of non-identifying versions of original datasets with strategic enterprise partners.
BigPrivacy establishes a common Variant Twin format to support sharing of harmonised Variant Twin data schemas among disparate data sets. The bank would otherwise be forced to cease inter-enterprise data analytics projects because other approaches rely on static identifiers which under the circumstances would no longer be permitted under the GDPR.
The ability to separate the information value of data from the means of re-identifying data subjects (to satisfy GDPR requirements for pseudonymisation) while enabling controlled re-linkability of data under authorised conditions is critical to achieving the bank’s business objectives; these capabilities are uniquely possible using BigPrivacy’s patented dynamic pseudonymisation technology.
Want to learn more or request a demo?
Get in touch using the form below.
Anonos does not sell or share your information.