The recent fine received by Google from France in regards to GDPR is a clear reminder to the big data and analytics market.
With another case involving a leading business showing the potential implications, businesses will need to focus further past consent and be capable of clearly showing they are allowed to utilise analytics and AI. Data analytics is critical to many businesses, their future development and enabling progressive innovation, but this is a significant challenge that needs to be addressed.
As Gary LaFever, the CEO at Anonos explains that in the scenario where analytics and AI cannot specifically highlight the time of data collection, businesses will not be able to rely on consent as done prior to the introduction of GDPR.
Under the new GDPR regulations, new safeguards are necessary to support both AI and analytics. To comply with the GDPR rules and essentially remain legal, companies will need to have a GDPR-compliant list of safeguards in place for the second stage of processing, covering analytics and artificial intelligence.
According to Anonos, these safeguards will need to incorporate the following steps:
-Include a balance of interest test that includes ‘functional separation’ (the options segment information value of data from the actual identity of each data subject). This reduces the negative impacts related to data subjects and ensures the legitimate interests of the data controller are not removed. There have been several legal cases involving major businesses that make it quite clear that attempting to claim a ‘legitimate interest’ in personal data is simply not enough.
-Ensure the compliance with secondary processing is in line with the original purpose for which the data was gathered.
-Prevent access as a standard to the minimum data required for each purpose for what is processed. This is referred to as Data Minimisation involving a specific level of control over data availability.
Technical safeguards to meet the requirements of GDPR were not required for lawful secondary processing using consent. This means many businesses do not have the required technology available. Essentially was previously viewed as acceptable prior to the implementation of GDPR is now no longer viewed as legal.
La Fever believes that companies do need to address and action relevant technical safeguards and introduce functional separation in an efficient way that has little impact on overall access to data, analytics and AI, enabling continued growth and innovation within the wider market.