What does GDPR mean for Big Data Analytics and AI?

January 27th, 2019 by Stephen Jones Leave a reply »

By 2020, there will be an estimated 24 billion internet-connected devices globally – more than four devices for every person. Many consumers have concerns about data privacy and how their data is used and protected (some surveys put this at 90% of users). As businesses learn to extract value from and utilize data at a deeper level, it is essential for companies to be extremely conscientious about protecting personal information.

The recent Google 50 Million Euro GDPR fine posted about on our blog has major implication means for data insight driven companies. Secondary processing of date using iterative analytics and AI needs to remain legal under the GDPR – i,e.GDPR compliant technical and organizational safeguards in place that:

(1) Satisfy a balance of interest test that requires functional separation (to separate the information value of data from the identity of data subjects) to reduce the negative impact on data subjects, so that the data controller’s legitimate interests are not overridden. see Annexures 1 and 2 of this note: https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf

Recent high-profile lawsuits against Oracle and Acxiom make it clear that simply claiming a “legitimate interest” in commercializing personal data is not enough. (see the video here http://fortune.com/2018/11/08/privacy-international-oracle-acxiom/)

(2) Ensure compliance with requirements that the secondary processing is compatible with the original purpose for which the data was collected;

(3) By default restrict access to only the minimum data necessary for each purpose for which it is processed – such Data Minimisation, is a level of granular control and protection that cannot be technologies like encryption alone.

The “Data Privacy Day 2019″, which is tomorrow: Monday 28 January 2019, is led by the National Cyber Security Alliance (NCSA) in the United States, is built on the theme, “Respecting Privacy, Safeguarding Data and Enabling Trust.”

Advertisement

Comments are closed.