The European privacy regulation , which European Privacy Regulation: came into force on 25 May 2018, has caus a strong shock in the quiet lives of data controllers.
There has been a general rush to European Privacy Regulation: comply, often done without fully understanding what it consist of, and for those who have already done so, life seems to have return to normal.
But have you ever wonder what has really European Privacy Regulation: chang for your business? In addition to the paperwork to fill out, is there something that can instead be exploit as an opportunity with the European privacy regulation ?
European Privacy European Privacy Regulation: Regulation: Anonymization and How to Process Data… Without Processing It
We are in California. A woman, a professional prostitute, has a personal Facebook account totally unrelat to her profession.
It happens that, among the suggestions of “People you may know”, you find some of your regular customers.
This despite having a Facebook account with an email address and phone number that are different from the ones ud in his “professional life”.
No one knows exactly how the friend suggestion algorithm works, but it seems obvious that it also pulls information from other apps, such as Google Maps, and in this case, “saw” the two people in the same place at the same time Scar, huh?
The struggle between public interest and the protection of personal data
The disclosure of sensitive data has always been a risk introduc by the use of IT tools, and previously paper-based ones, to gather consent for a certain action.
Even though increasingly stringent protection measures were introduc over the years, companies still manag to find some loophole to use that data for commercial purposes.
The GDPR privacy aims to further curb this practice, however it remains a European privacy regulation that is far too generic.
The introduction of the European privacy regulation has in turn l to a trail of regulations that are necessary for compliance.
The main purpose of the European privacy regulation is to use data more responsibly, not limit to quantity. The regulation is in fact intentionally generic, limiting itself to regulating the methods and criteria that must be subject to the processing of personal data, rather than the personal data actually subjected to processing.
Why are my data important?
The basic reasoning of marketing is simple: the more we know about the customer, the more we can hit them in the right place at the right time and lead to conversion. There is no doubt about that.
Your personal data is therefore important to know you and suggest the right product bas on your interests. This is also very clear.
But each of our data can be useful beyond commercial purposes: it can be us for public safety . Think about the spread of a new disease and the discovery of natural antibodies: in situations like these, having information can be fundamental.
It must therefore be in the interest of the community itself to share certain information, and it is the duty of the legislator to find the right balance between the interests of the individual and the community, also through the European privacy regulation .
At Latest Mailing Database, we provide fax lists to optimize your fax marketing campaigns. Our targeted fax marketing lists include verified contact information for businesses in Global City, Texas. Reach decision-makers in the Western region effectively and enhance your campaign’s success using our reliable and up-to-date fax lists.
We process data…without processing it
The main problem of processing personal data is precisely that of violating the privacy of real, physical people. But what if these people were no longer real, or rather, identifiable? That data would be an abstract data that cannot be link to a early bird discount for 2024 has been extended! physical person and therefore does not violate any privacy. This process is called personal data anonymization .
In this way it is possible to extrapolate, process aqb directory and carry out actions in full compliance with the European privacy regulation .
Before arriving at the anonymization of personal data , which is the “final phase”, we go through other stages, all obviously with greater protection for the consumer.
Articles 24 and 25 of the European privacy regulation state that “the data controller shall implement measures to ensure due protection”. This means very little in itself, but nevertheless techniques have been develop that everyone must now adapt to.
Pseudonymization
This is the first step of protection. It consists, as the name itself suggests, in providing a pseudonym to the person whose data is being process, through the introduction of encrypt codes.
Even so, however, it is possible to trace the identity of the person, so the data will still be subject to the European privacy regulation in its entirety.
The minimization
We move to a higher level, where the data taken into consideration are strictly limit to what is necessary to achieve the purposes for which they are process.
Greater protection, but which still does not break the link between Mr. Mario and the fact that he likes strawberry ice cream.
What really protects Mr. Mario is disconnecting him from his preferences.
Anonymization
And here we are at the maximum protection, which is represent precisely by the anonymization of personal data. In this case, to return to the example, the only information in our possession is that we examin 100 people, and that 45 of them like strawberry ice cream. However, we do not know whether Mario or Francesco likes it, and this protects them from possible “aggressive” advertising.
How does anonymization happen?
There are several techniques that allow achieving identity protection.
- A first group uses the technique of voluntary error: it is essentially a matter of “swapping the cards” to avoid having too precise results. This can happen through permutation or by adding “statistical noise”.
- A second group, instead, rather than adding errors, subtracts information, or rather replaces it by making it more generic.
Let’s say we know that Giovanni, a 29-year-old from Novara who lives on Via X nY, likes motorcycles. I, a motorcycle dealer, cannot explicitly process his data, so I have to limit the information in my possession. How do I do it?
I can, instead of defining him as 29, put him in the 25-40 age group, or I can define him as Pimontese instead of Novara, and so on. These practices are commonly defined as k-anonymity .
- There is also the possibility of aggregation: in this case the data is process, or publish, or analyz, on a large scale, that is, in large numbers. In this way the possibility of tracing a certain person is certainly limit, even if it is not made impossible.
- Finally, data masking: this is perhaps the safest measure of anonymization of personal data , because it simply consists of eliminating some of the information: name, age, gender, residence, etc.
Once you anonymize your data, you can be sure that you are in full compliance with European privacy legislation .
All these measures must be implement on every data collection vehicle, including the website. Google Analytics, in fact, automatically tracks the IP of the site visitor, going against the European privacy legislation. To avoid this, it is necessary to carry out an operation of anonymization of the IP, task of the web master.
Does it really work?
These measures are certainly of great help, and are actions through which companies can protect themselves and not incur sanctions.
However, this does not mean that consumers are actually in a safe place.
That’s because, as hard as companies might try, there are other ways we unknowingly give away information about ourselves, like the apps the Californian woman above us.
The world of data exchange between apps and between apps and Google Analytics is complex to analyze, so we will deal with it soon with a icat article!
Bottom line: there is still a lot to work on, but the positive signs are there. Now it’s up to companies to do what they can to protect consumers!