Back to ABBYY Blog
Strengthening Privacy Rights with Privacy Enhancing Technologies
Andrew Pery
November 15, 2018
November 15, 2018
More rigorous privacy regulations such as the EU GDPR and a number of US privacy initiatives such as the recently ratified California Consumer Privacy Act impose higher standards on data controllers and processors to safeguard privacy rights – including data subject consent management, accommodating data subject requests, data portability and more onerous data controller and processor accountability standards.
Moreover, there seems to be momentum developing for a more comprehensive US Federal Privacy initiative consistent with GDPR. The current US data privacy regime is somewhat fragmented and sectoral in nature and is perceived to be an impediment to competing in the digital economy. Congress appears to be responding to these challenges. There are several proposed legislative initiatives under consideration, in particular:
These initiatives are also endorsed by the technology sector, including Google, Facebook and Microsoft. In particular, Google has recently published a Framework for Responsible Data Protection Regulation that espouses broader data subject rights, provides for enhanced transparency, accountability and provisions for privacy by design embedded in software that enables data subjects to exercise greater control over their privacy settings.
The sense of urgency by organizations to implement technological and organizations measures that mitigate compliance risk is accelerating. A recent AIIM survey found that while prior to GDPR coming into force only 30% of organizations were fully compliant with GDPR, after the deadline 50% of same organizations surveyed indicated that they are 75% compliant.
The survey surfaced several business-critical areas where potential compliance risks are high:
A recent survey by IAPP and Trust Arc highlighted the investment priorities in privacy enhancing technologies which are consistent with the pain points of the AIIM survey. Investment priorities focus on:
In a previous blog I’ve covered data mapping and data discovery technologies. One of the more vexing challenges for organizations is to strike a balance between the social utility of AI based content analytics technologies and safeguarding privacy rights particularly data subject profiling. Technological innovation such as always-on mobile devices and wearable technologies the rapid advancement of geolocation technology and predictive analytics create a digital fingerprint of data subject biographical information about their preferences and behavior.
The commercial incentive to share data for secondary uses with third parties is compelling as it promotes innovation. The social utility of personally identifiable information spans health care delivery and public services so long as the information is properly de-identified. De-identification consists of several algorithms designed to remove personal information. Generally, there are two forms of de-identification: pseudonymization, which removes the association and personal data is replaced by one or more artificial identifiers and anonymization that removes the association between the identifying dataset and the data subject in a manner whereby re-identification is not possible. The applicability of these two de-identification alternatives depends on the intended secondary uses of the data, the sensitivity of the data and the associated risk of re-identification. A particularly useful guide for the application of de-identification technologies and best practices is the National Institute of Standards and Technology (NIST) De-Identification of Personal Information.
There are also emerging efforts to incorporate privacy by design principles into content analytics technologies intended to profile data subjects. At the recently held 40th International Conference of Data Protection and Privacy Commissioners released its Declaration on Ethics and Data Protection in Artificial Intelligence the ambition of which is to ensure that “Artificial intelligence and machine learning technologies should be designed, developed and used in respect of fundamental human rights and in accordance with the fairness principle, in particular by:
About the author: Andrew Pery is a marketing executive with over 25 years of experience in the high technology sector focusing on content management and business process automation. Andrew holds a Masters of Law degree with Distinction from Northwestern University is a Certified Information Privacy Professional (CIPP/C) and a Certified Information Professional (CIP/AIIM).
This article originally appeared in AIIM.org entitled "Strengthening Privacy Rights with Privacy Enhancing Technologies" by Andrew Pery. To read the original version, please visit: https://info.aiim.org/digital-landfill/strengthening-privacy-rights-with-privacy-enhancing-technologies.
Andrew Pery
Digital transformation expert and AI Ethics Evangelist for ABBYY
Andrew Pery is an AI Ethics Evangelist at intelligent automation company ABBYY. His expertise is in artificial intelligence (AI) technologies, application software, data privacy and AI ethics. He has written and presented several papers on the ethical use of AI and is currently co-authoring a book for the American Bar Association. He holds a Masters of Law degree with Distinction from Northwestern University Pritzker School of Law and is a Certified Information Privacy Professional (CIPP/C), (CIPP/E) and a Certified Information Professional (CIP/AIIM).
Connect with Andrew on LinkedIn.
