March 25, 2020

Privacy and Data innovation Professionals Discuss Future of Personal Marketing

LONDON, March 25, 2020 /PRNewswire/ -- Over 700 senior privacy and data innovation professionals from around the world recently joined a webinar hosted by the Data Protection World Forum, discussing Pseudonymisation-enabled Legitimate Interests processing with a focus on new legal requirements for direct marketing under GDPR.

The webinar was led by Dr. Sachiko Scheuing, European Privacy Officer at Acxiom, Martin Abrams, Chief Strategist at the Information Accountability Foundation (IAF), and Gary LaFever, CEO & General Counsel at Anonos.

Dr. Sachiko Scheuing said: "Organisations can no longer rely on consent, contract or anonymisation alone to make direct marketing lawful."

Martin Abrams commented: "People do not believe that there is a solution that supports the Legitimate Interests processing that is required for lawful direct marketing, but Pseudonymisation (as newly defined under the GDPR) can protect data when in use to enable this."

Gary LaFever added: "Organisations cannot rely on what they have done up to today to benefit from what Pseudonymisation makes possible under GDPR, they can go to www.enisaguidelines.com/comparison to compare their current approach against new requirements for Pseudonymisation under the GDPR."

The webinar panelists highlighted that if organisations cannot answer "YES" to all four of the following questions, they must stop personalised direct marketing per proposed guidance issued by the UK Information Commissioner's Office (ICO):

  • Does your organisation use technology that demonstrably and verifiably enforces policies that protect data when in use?

    Example: Do you have technical controls that transform data while enforcing privacy protection policies for data in use? Encryption only protects data at rest and in transit, not in use.
  • Does your organisation use dynamically changing de-identifiers? (see www.MosaicEffect.com) 

    Example: Relinking to identity should only be possible with the use of separately-kept "Additional Information." Static tokens that are consistent across data are vulnerable to re-identification via linkage attacks, referred to as the Mosaic Effect. This means that you need to use dynamically-changing identifiers instead.
  • Does your organisation's technology satisfy new statutory requirements to get the benefits of Pseudonymisation? (see www.Pseudonymisation.com)

    Example: Relinking to identity should only be possible with the use of separately-kept "Additional Information." Use of static tokens and a failure to protect indirect identifiers could result in unauthorised relinking to identity, increasing the possibility of unlawful processing of personal data.
  • Does your organisation's Pseudonymisation technology satisfy new EU technical standards? (see www.EnisaGuidelines.com)

    Example:  Not using state-of-the-art techniques for pseudonym generation and supplementing pseudonymisation with anonymisation techniques results in data being vulnerable to unauthorized re-identification.

However, organisations who can answer "YES" to all four of these questions are well-positioned to maximise data value and utility to their competitive advantage by leveraging Pseudonymisation-enabled Legitimate Interests processing.

Key Take-Aways from Webinar

  • SOS Alert: Direct marketing to customers and innovative data uses could be at risk.
  • The webinar presentations and questions emphasized that consent, contract and anonymisation are no longer reliable for legally processing personal data..
  • You must consider Legitimate Interests as a legal basis for processing. This requires new technical controls that protect data when in use to meet the balancing of interests test required under GDPR.
  • No one wants to be left behind: immediate action is required.

Don't get left behind:

Hyperlinks from Webinar:

About Anonos: Anonos enables lawful analytics, AI and ML in a way that preserves 100% of data accuracy while expanding opportunities to ethically share and combine data. Anonos Pseudonymisation and Data Protection by Design & by Default technology reconciles conflicts between protecting the rights of individuals and achieving business and societal objectives. As a result, you can use, share, combine and relink data in a lawful manner. Anonos-patented Variant Twins® enable sharing, collaboration, and analytics of personal data by technologically enforcing dynamic, fine-grained privacy, security and data protection policies in compliance with the GDPR, CCPA and other evolving data privacy regulations. https://www.anonos.com

MEDIA CONTACTS

Liberty Communications on behalf of Anonos

anonos@libertycomms.com +44 207 751 4444

 

This article originally appeared in PR Newswire.  All trademarks are the property of their respective owners. All rights reserved by the respective owners.

CLICK TO VIEW CURRENT NEWS

Are you facing any of these 4 problems with data?

You need a solution that removes the impediments to achieving speed to insight, lawfully & ethically

Roadblocks
to Insight
Are you unable to get desired business outcomes from your data within critical time frames? 53% of CDOs cannot achieve their desired uses of data. Are you one of them?
Lack of
Access
Do you have trouble getting access to the third-party data that you need to maximise the value of your data assets? Are third-parties and partners you work with worried about liability, or disruption of their operations?
Inability to
Process
Are you unable to process data due to limitations imposed by internal or external parties? Do they have concerns about your ability to control data use, sharing or combining?
Unlawful
Activity
Are you unable to defend the lawfulness of your current data processing activities, or data processing you have done in the past?
THE PROBLEM
Traditional privacy technologies focus on protecting data by putting it in “cages,” “containers,” or limiting use to centralised processing only. This limitation is done without considering the context of what the desired data use will be, including decentralised data sharing and combining. These approaches are based on decades-old, limited-use perspectives on data protection that severely minimise the kinds of data uses that remain available after controls have been applied. On the other hand, many other new data-use technologies focus on delivering desired business outcomes without considering that roadblocks may exist, such as those noted in the four problems above.
THE SOLUTION
Anonos technology allows data to be accessed and processed in line with desired business outcomes (including sharing and combining data) with full awareness of, and the ability to remove, potential roadblocks.