An industry led discussion on the implementation of pseudonymisation as a technological safeguard alongside data protection legislation was one of the main highlights of day two of the 13th International CPDP Data Protection and Artificial Intelligence Conference being held in Brussels this week.
During an interactive panel session moderated by Gary LaFever, Co-founder, CEO and General Counsel of data privacy and enablement technology provider, Anonos, a number of leading experts from across the privacy and data protection industry discussed the technical and organizational controls necessary for lawful AI and secondary data processing when consent is not enough.
The panel included Giuseppe D’Acquisto, senior technology advisor for the Italian Data Protection Authority, Ailidh Callander, a lawyer at Privacy International, Steffen Weiss, legal counsel for data protection and head of international affairs at the German Society for Data Protection and Data Security; and Magali Feys, a specialist technology lawyer at AContrario.Law.
Recommended News: Security Compass Secures Growth Equity Funding From FTV Capital
Pseudonymisation, which is legally defined for the first time at the EU level in the GDPR, was widely discussed as a positive technological solution for enabling the ethical and legal processing of data for secondary purposes when consent is not enough on its own to satisfy legitimate interest. Key to this, the panel advocated, is the need for technology solutions to go hand in hand with privacy and data protection policies and regulations in not only helping to enforce legal and best practices, but also to enable the multiple possibilities to share, collaborate and innovate with data lawfully and ethically.
The panel discussed how Articles 25 and 32 of the GDPR refer to pseudonymisation as both an innovation enabler and a protection mechanism. While much attention has been focused on pseudonymisation as a means of making data more secure, panellists advocated the need for more attention on its role as an innovation enabler by generating protected identities with appropriate and necessary safeguards.
Further discussions advocated the need for technological solutions, including pseudonymisation, to be thought of as a means of companies and organisations being able to provide evidence of demonstrable accountability. Panellists agreed, there is a need for underlying frameworks and transparent policies that technology helps to enforce.
Gary LaFever, Co-founder, CEO and General Counsel of data privacy and enablement technology provider, Anonos, commented: “In today’s data-driven world, new technical measures are necessary to balance data innovation and protection of individual privacy rights when consent is not enough. The use of consent as a GDPR legal basis for repurposing personal data is severely restricted; this is particularly relevant in the case of iterative secondary processing of personal data required for analytics, machine learning, and AI. New technical safeguards like pseudonymisation overcome limitations of consent to ensure protection of individual privacy rights while still enabling data-driven innovation.”
Anonos has been working in the data protection and enablement space since 2012 enabling lawful data use for numerous companies across the globe. Recognised by IDC, Gartner and Forrester, Anonos is more than just GDPR compliance technology. It engineers privacy into solutions to enable lawful Analytics and Big Data to enable ongoing innovation for a range of industries and disciplines.
As one of the world’s leading conferences in data protection, CPDP gathers academics, lawyers, practitioners, policy makers, industry and civil society from all over the world to exchange ideas and discuss the latest emerging issues and trends relating to legal, regulatory, academic and technological development in privacy and data protection.
Recommended News: Garry Kasparov and Avast Showcase the Role of AI in Cybersecurity