Even if Meta were using a data clean room for marketing and advertising purposes, it would not be adequate for GDPR compliance. And without GDPR compliance, Meta can’t claim legitimate interest as a legal basis for lawful secondary data processing.
Classic anonymization is difficult to achieve and often does not provide good results. Comparatively, modern technologies like Diffix offer the best of both worlds, giving you data treasure and data protection.
Can companies achieve true data anonymization to avoid weaker pseudonymization techniques and lessen the constraints of data privacy laws like the GDPR?
The EU GDPR signals a move towards a technology-based approach that can enforce data protection policies for personal data. What’s the solution?
A key concept of many privacy laws is the definition of “personal data”, “personal information” or “personally identifiable information”. If it’s not “personal data”, you are likely outside of the scope of data protection laws, however that is a line in the sand which is constantly moving – in this article David Fraser of McInnes Cooper in Canada examines what that constantly shifting line means for privacy, and the individual.
In part one of a two part series, we examine some of the challenges that companies face in terms of the evolving privacy and data protection landscape. Data protection and privacy issues are now bedrock strategic issues for companies across the world and Information Security professionals are now under even more pressure to ensure that data remains secure. The value of data as an intangible asset continues to grow and legislation and regulation is becoming ever more stringent. The onus is on companies to comply or suffer the consequences. This is going to require a whole new breed of information security professional. In part two of this series (in next month’s newsletter) we’ll look at the argument for and against a new role combining Chief Security and Privacy Officer in this rapidly evolving regulatory environment.
