Rob Daly | JUNE 6, 2017

EU Privacy Rule Offers Silver Lining

The EU’s General Data Privacy Regulation, which goes into effect in May 2018, may prove to be a greater boon than a bane for financial services firms globally.

The regulation applies to organizations located in the EU as well as organization located outside of the EU that offer goods and services to or monitors the behavior of EU citizens.

Designed to harmonize data privacy laws across Europe, it aims to protect information related to “a natural person or ‘data subject’ that can be used to directly or indirectly identify the person.” And non-compliance with the GDPR comes with hefty penalties which could be the greater of 20 million euros or 4% of the offending organization’s global revenues depending on the nature of the infraction.

Gary LaFever, Anonos

“That’s only the administrative fine,” said Gary LaFever, co-founder and CEO of Anonos. “In addition, the GDPR authorizes class action lawsuits for the first time. And as opposed to the US where you can’t recover for damaged reputation, pain and suffering, or discrimination based on data misuse, those are fully authorized by the regulation.“

GDPR also requires organizations to get specific and unambiguous consent from clients before organizations can apply analytics to the data covered by the regulation.

Given the iterative nature of artificial intelligence and machine learning processes, this could hit firms hard, noted LaFever. “You can get consent to the first or second question but not the third, fourth fifth or tenth question, which is what big data is about.”

However, if an organization meets specific technical requirements and demonstrate a legitimate interest in analyzing the data, they can continue to do so, he said. “If you don’t, you’re liable.”

To address GDPR’s privacy requirements, as well as other privacy regulations, Anonos developed its privacy rights management platform BigPrivacy that can selectively dial up or down the identifiability of data while maintaining the information’s value at the data level.

“It turns digital rights management on its head,” said Ted Myerson, fellow co-founder of Anonos during a TED Talk on big data privacy. “For the first time, you have the ability for trusted enterprise parties on your behalf control how they manage, access, and use your data.”

By creating an information-rich but identity-light data sets, it opens new opportunities to share data that would have been too risky for organizations previously, added LaFever.

“One of the first things that we saw as we started developing this technology were ways of enabling new uses of data that give you more transparency at a detailed level in a timely basis,” he said. “Those three things are gold to quants.”

LaFever cited an example of a bank’s private wealth management business not wanting to share client data with the bank’s real estate business for the fear that the real estate business would use the data for client prospecting.

However, the real estate business could use a copy of the non-identifying data to hone its offerings without targeting the private wealth management clients, he added.

Anonos is targeting data-driven industries, such as pharmaceuticals, human resources, and consulting initially.

“In some respects, healthcare has its own analog to GDPR with the Healthcare Information Portability and Accountability Act,” noted LaFever.

This article originally appeared in Marktets Media All trademarks are the property of their respective owners. All rights reserved by the respective owners.


Are you facing any of these 4 problems with data?

You need a solution that removes the impediments to achieving speed to insight, lawfully & ethically

to Insight
Are you unable to get desired business outcomes from your data within critical time frames? 53% of CDOs cannot achieve their desired uses of data. Are you one of them?
Lack of
Do you have trouble getting access to the third-party data that you need to maximise the value of your data assets? Are third-parties and partners you work with worried about liability, or disruption of their operations?
Inability to
Are you unable to process data due to limitations imposed by internal or external parties? Do they have concerns about your ability to control data use, sharing or combining?
Are you unable to defend the lawfulness of your current data processing activities, or data processing you have done in the past?
Traditional privacy technologies focus on protecting data by putting it in “cages,” “containers,” or limiting use to centralised processing only. This limitation is done without considering the context of what the desired data use will be, including decentralised data sharing and combining. These approaches are based on decades-old, limited-use perspectives on data protection that severely minimise the kinds of data uses that remain available after controls have been applied. On the other hand, many other new data-use technologies focus on delivering desired business outcomes without considering that roadblocks may exist, such as those noted in the four problems above.
Anonos technology allows data to be accessed and processed in line with desired business outcomes (including sharing and combining data) with full awareness of, and the ability to remove, potential roadblocks.