BigPrivacy Reconciles Data Protection and Use to Maximize Value
BigPrivacy supports real-time, selective access controls (i) at a fine-grained data element level versus only at the user level and (ii) at generalized, non-identifying data levels in addition to identifying levels. Separating the information value of data from identifying attributes, all while retaining the ability to support authorized relinking of data to individuals under secure and technologically enforced conditions, enables the processing of analytics, artificial intelligence (AI), machine learning (ML), and digital transformation (DX) of protected data including IoT, geo-targeted and regulated data.
BigPrivacy allows data owners to maintain their data in privacy respectful and secure “silos” while enabling the use, sharing, comparing and computing of accurate but non-identifying versions of their data with other data sources. BigPrivacy supports analytics, artificial intelligence (AI), machine learning (ML), and digital transformation of combined protected data sets.
BigPrivacy enables pattern recognition without requiring disclosure of underlying identifying information to transform unstructured data into privacy respectful structured data schemas to support analytics, artificial intelligence (AI), machine learning (ML), and digital transformation of unstructured protected data.
BigPrivacy leverages technical and organizational measures to uniquely satisfy GDPR data safe haven requirements by separating the information value of data from the means of attributing data to specific individuals. GDPR data safe havens enable lawful ongoing processing, secondary use/further processing, minimisation, ongoing use of historical data, and improved security measures, for personal data. BigPrivacy uniquely enables data controllers and data processors to comply with GDPR data safe haven requirements under Articles 4, 5, 6, 11(2), 12(2), 25, 32 and 89.
To learn more about the GDPR Data Safe Havens, read the BigPrivacy GDPR Blueprint.
Many banks desire to consolidate data lakes into one or several centralised locations to enable real time consolidated data analytics on a real-time, selectively controlled basis.
The problem is that traditional data protection technologies are one-directional, requiring that all data and all use cases be presented at the time that data protection is applied. The introduction of new use cases or addition of more data nullifies the data protection. In contrast, BigPrivacy supports multi-directional data protection by leveraging Variant Twin data that is specifically processed for the person, purpose, place associated with each authorised data use in real-time.
Other data protection technologies do not support dynamic pseudonymisation, something that BigPrivacy uniquely enables. As a result, BigPrivacy provides firms with an API to dynamically pseudonymise data enabling them them to selectively control real-time data analytics across the consolidated data lake.
The GDPR requires that data controllers contract only with cloud service providers (and other processors) that provide “sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this regulation and ensure the protection of the rights of the data subject.” To support GDPR compliant cloud processing, BigPrivacy enables dynamic pseudonymization to support:
BigPrivacy enforces context-sensitive controls to enable compliant, scalable, self-service enterprise data use.
BigPrivacy helps to enforce data minimization by technologically enabling the use of the minimum level of linkable (identifiable) data necessary for each authorized process, to protect personal data on a per-authorized-use basis by technically controlling the linkability of data to limit access to linkable (identifying) data and protect against unauthorized use. Accordingly, BigPrivacy can help support data minimization within an organization by enforcing selective access to data, ensuring that an individual employee only has access to the data required for them to do their job and no more.
In addition, BigPrivacy enables two (or more) groups within the same organization, or two (or more) separate organizations, to share, combine and process data in a privacy-preserving manner. In both scenarios, each party desires to learn the results of a coordinated analysis without revealing private data. This is exactly what BigPrivacy technology makes possible. Organizations (or groups) can use BigPrivacy to run algorithms against the union of private data, all without allowing any party to view the other parties’ private information. This process, sometimes referred to as “Multi-Party Computation,” is accomplished by technically minimizing and harmonizing the data exchanged by the parties.
Some of the largest financial firms in Europe recognise that – unlike any other technology – BigPrivacy enforces data access and use controls at the fine-grained data element level as well as at a course-grained policy level enabling them to maximise the use and value of their data while maintaining jurisdictional data sovereignty and localization compliance. This is critical since they do business in many countries around the globe. They have petabytes of data that could not be integrated and managed for analytics and AI without BigPrivacy non-identifying Variant Twin data to support new, non-consent-based legal basis for processing EU personal data under the GDPR.
Banks are also able to transfer maximum data to the cloud due to the portability of non-identifying BigPrivacy Variant Twin data among processing locations enabling cloud providers to more fully leverage cloud scalability, load balancing, etc.
The way organizations have processed data for years – even for decades – creates new legal liability under the EU General Data Protection Regulation (GDPR). Organizations looking to maximize the value of data by leveraging advanced data analytics and artificial intelligence (AI) should be aware of 3 points: