BRUSSELS, BELGIUM, April 14, 2021 /EINPresswire.com/ — Organisations can no longer rely on simple “data housekeeping” practices alone to satisfy data protection practices required by GDPR and Schrems II legislation (https://www.reuters.com/article/us-facebook-privacy-eu/big-u-s-tech-firms-fail-to-comply-with-curb-on-europe-data-transfers-schrems-idUSKBN26J1CP), according to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE).
The LIBE has released a Motion for a Resolution (https://www.europarl.europa.eu/doceo/document/B-9-2021-0211_EN.html) setting out consideration now that GDPR has been in force for over two years. A review of the Motion for Resolution highlights that most popular Privacy Enhancing Technologies (PETs) do not provide adequate protection for popular Big Data use cases.
Critically, the LIBE noted the importance of data protection by design and by default for all processing, which cannot be satisfied by “data housekeeping” techniques. Data protection by design and by default requires technical and organisational measures to protect data both in the EU (as required by the GDPR) and outside of the EU (as confirmed by Schrems II).
However, many companies are still focusing on simple data protection for primary data collection and processing and nothing more. This approach does not satisfy secondary processing via analytics, AI and machine learning (ML), all of which require a different lawful basis known as ‘legitimate interests’ processing.
This is highlighted by the Court of Justice of the European Union ruling known as Schrems II, which puts additional pressure on organisations to consider what data they are processing and what technical and organisational measures they have put in place to support lawful secondary processing and international data transfer.
Gary LaFever, CEO and General Counsel, Anonos, said: “The methods and purposes of data processing have changed dramatically over the past several decades. Ongoing technology developments make it easier to switch seamlessly from primary purpose data collection and processing to advanced secondary analytics, complex AI and ML. Alongside ‘Big Data’ advances such as these, data protection techniques must also evolve to keep pace.”
Legitimate interests processing requires a “balancing of interests” test to be satisfied, ensuring that the processing done is lawful, proportionate, and protects the rights of data subjects. Implementing appropriate and robust data protection methods can help tip the balance of this test in favour of the data controller. Still, without technical and organisational measures, this processing's lawful basis is unlikely to be satisfied.
Gary added: “One aspect of the LIBE’s Motion for Resolution may be out of step with the realities of modern Big Data processing – the focus on anonymisation. In today's Big Data world, anonymisation is in many respects impossible to achieve. Datasets can be combined from numerous and multitudinous sources, rendering attempts at anonymisation ineffective. New technical measures are necessary, and the clue comes from the GDPR itself. GDPR heightened requirements for Pseudonymisation are explicitly mentioned in the GDPR as a means to implement data protection by design and by default. GDPR Pseudonymisation is also recommended by the EDPB as a means to transfer data in compliance with Schrems II.”
Anonos is a leading provider of state-of-the-art data enablement and protection technology, offering a range of technology solutions that empower organisations to continue lawful processing of EU data in compliance with Schrems II and other global data sovereignty and localisation laws. For more information, join the Schrems II Linkedin Group with nearly 5,000 members (https://www.linkedin.com/groups/12470752).
To read more about this topic, read the following article at:
Schrems II Resources:
1) The Board Risk Assessment Framework is now available to view and download at https://www.SchremsII.com/Board2
2) Are you Schrems II Compliant Quiz (in 2 questions): https://www.anonos.com/TakeTheQuiz
3) Learn all about Pseudonymisation at https://www.pseudonymisation.com/
4) Schrems II Knowledge Hub: https://www.SchremsII.com/KnowledgeHub
5) Anonos: https://www.anonos.com/
Source: EIN Presswire