The co-founders of Anonos, 20-year successful business partners Gary LaFever & Ted Myerson, previously predicted the increasing risks from a shift in the financial services market to algorithmic financial securities trading. Their previous company, FTEN, invented new technology enabling real-time dynamic risk controls that fueled innovative lawful trading. NASDAQ acquired their former company for nine figures in 2010 and deployed its technology in over 100 financial markets around the globe. They founded Anonos in 2012 to bring their visionary insight to bear to address an even more significant market opportunity – lawful and ethical Big Data use. Having revolutionised the financial securities industry by inventing new technology to manage risks that arise only at the precise time that a securities trade occurs (“at-trade risk”), they set out to accomplish an even bigger goal: to invent new technology to control risks that only arise at the precise time that data is actually put to use in Big Data processing (“in use risk”). Anonos invested eight years in Research & Development (similar to a biopharma company) to understand the architectural underpinnings and shortcomings of the then-current state-of-the-art technology, which only protected data: (i) when at rest (in storage) or when being transmitted (in transit), but did not protect data when actually in use as required for Big Data; or (ii) when in use for limited centralised environments, but did not protect data when in use for widespread decentralised environments as required for Big Data.
See the discussion on “Limitations of Consent” in the TECHNOLOGY section, and the description of “Data Safe Have #2 - Legitimate Interests Processing” in the COMPLIANCE section, below.
Ted Myerson, Co-Founder and President of Anonos, presented a TED Talk on how Privacy Rights Management (PRM) as enabled by Anonos BigPrivacy “stands DRM on its head.” A video of, and the transcript for, this TED Talk is at https://www.ted.com/talks/ted_myerson_big_data_needs_big_privacy. “TED Talk” is a trademark of Ted Conferences, LLC.
See Anonos granted Patent No. 10,572,684 titled “Systems and Methods for Enforcing Centralized Privacy Controls in De-Centralized Systems.” See Appendix A for more information on the Anonos Patent Strategy and Portfolio.
Caserta (https://caserta.com/) is a strategic consulting and innovation technology implementation firm that helps clients leverage emerging technologies to advance business leadership.
See USE CASE: Decentralised Data Analytics, AI, ML, Sharing, Combining & Enriching above.
Controlled Relinkable Data consists of Replacement De-Identifiers (R-DDIDs) and Association De-Identifiers (A-DDIDs), as more fully described herein. The concept of Controlled Linkable Data was presented at an International Association of Privacy Professionals (IAPP) program entitled General Data Protection Regulation (GDPR) Big Data Analytics featuring Gwendal Le Grand, Director of Technology and Innovation at the French Data Protection Authority—the CNIL, Mike Hintze, Partner at Hintze Law and former Chief Privacy Counsel and Assistant General Counsel at Microsoft, and Gary LaFever, CEO and General Counsel at Anonos and former law partner at Hogan Lovells (see https://www.anonos.com/iapp-gdpr-data-analytics-webinar-replay) and explained in a Whitepaper co-authored by Messrs. Hintze and LaFever entitled Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics (see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2927540)
This is why the term Pseudonymisation is used fifteen (15) times in the GDPR, compared Anonymisation which is used only three (3) times, and Encryption which is used only four (4) times in the GDPR. No other Privacy Enhancing Techniques (PETs) are referenced in the GDPR. Benefits of GDPR compliant Pseudonymisation include, but are not limited to, the following: (i) tipping the balance in favour of Legitimate Interests processing (Articles 5(1)(a), 6(1)(f), and WP29 WP 217); (ii) more flexible change of purpose (Article 5(1)(b), WP29 WP 203); (iii) more expansive data minimisation (Articles 5(1)(c), 89(1)); (iv) more flexible storage limitation (Articles 5(1)(e), 89(1)); (v) enhanced security (Articles 5(1)(f), 32); (vi) more expansive further processing (Article 6(4), WP29 WP 217); (vii) more flexible profiling (WP29 WP 251 rev.01 - Annex 1, Recital 71, Article 22); and (viii) ability to lawfully and ethically share, combine and enhance data (recitals 42 and 43, Articles 11(2), 12(2), WP29 WP259 rev.01).
Paul Ohm is a Professor of Law at the Georgetown University Law Center on Privacy and Technology in Washington DC.
Controlled Linkable Data consists of Replacement De-Identifiers (R-DDIDs) and Association De-Identifiers (A-DDIDs), as more fully described in herein. The concept of Controlled Linkable Data was presented at an International Association of Privacy Professionals (IAPP) program entitled General Data Protection Regulation (GDPR) Big Data Analytics featuring Gwendal Le Grand, Director of Technology and Innovation at the French Data Protection Authority—the CNIL, Mike Hintze, Partner at Hintze Law and former Chief Privacy Counsel and Assistant General Counsel at Microsoft, and Gary LaFever, CEO and General Counsel at Anonos and former law partner at Hogan Lovells (see https://www.anonos.com/iapp-gdpr-data-analytics-webinar-replay) and explained in a Whitepaper co-authored by Messrs. Hintze and LaFever entitled Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics (see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2927540)
A data controller cannot in good faith claim the benefits of “Anonymisation” when decentralised processing makes it impossible to be aware “…of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly” as required under GDPR Recital 26. Claiming “Anonymisation” exposes a data controller to potential liability if re-linkability and unauthorised reidentification is possible.
A digital twin is a digital replica of a living or non-living physical entity. The term refers to a digital replica of potential and actual physical assets (physical twin), processes, people, places, systems and devices that can be used for various purposes. See https://en.wikipedia.org/wiki/Digital_twin
The term Pseudonymisation is used fifteen (15) times in the GDPR, compared Anonymisation which is used only three (3) times, and Encryption which is used only four (4) times in the GDPR. No other Privacy Enhancing Techniques (PETs) are referenced in the GDPR. Benefits of GDPR compliant Pseudonymisation include, but are not limited to, the following: (i) tipping the balance in favour of Legitimate Interests processing (Articles 5(1)(a), 6(1)(f), and WP29 WP 217); (ii) more flexible change of purpose (Article 5(1)(b), WP29 WP 203); (iii) more expansive data minimisation (Articles 5(1)(c), 89(1)); (iv) more flexible storage limitation (Articles 5(1)(e), 89(1)); (v) enhanced security (Articles 5(1)(f), 32); (vi) more expansive further processing (Article 6(4), WP29 WP 217); (vii) more flexible profiling (WP29 WP 251 rev.01 - Annex 1, Recital 71, Article 22); and (viii) ability to lawfully and ethically share, combine and enhance data (recitals 42 and 43, Articles 11(2), 12(2), WP29 WP259 rev.01).Further details about GDPR requirements for and benefits of Pseudonymisation are included in the TECHNOLOGY section above. Additional information concerning Pseudonymisation are available at www.Pseudonymisation.com. See also Appendix B for Cross Reference to ENISA Pseudonymisation Guidance.
The concept of Controlled Linkable Data was presented at an International Association of Privacy Professionals (IAPP) program entitled General Data Protection Regulation (GDPR) Big Data Analytics featuring Gwendal Le Grand, Director of Technology and Innovation at the French Data Protection Authority—the CNIL, Mike Hintze, Partner at Hintze Law and former Chief Privacy Counsel and Assistant General Counsel at Microsoft, and Gary LaFever, CEO and General Counsel at Anonos and former law partner at Hogan Lovells (see https://www.anonos.com/iapp-gdpr-data-analytics-webinar-replay) and explained in a Whitepaper co-authored by Messrs. Hintze and LaFever entitled Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics (see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2927540)
The EU adopted the General Data Protection Regulation (GDPR) in 2016 to replace the1995 Data Protection Directive. Parties were provided two years advance notice to ensure that they complied with new GDPR requirements starting on May 25, 2018 onward.
See the discussion regarding Limitations of Consent in the TECHNOLOGY section above.
See the discussion regarding Functional Separation in the TECHNOLOGY section above.
Anonos has been actively engaged in research and development to advance the state-of-the-art in data protection, privacy and security since 2012. Anonos’ decentralised data protection systems, methods and devices are covered by foundational granted patents (including, but not limited to: EU 3,063,691 issued in 2020; US 10,572,684 issued in 2020; CA 2,929,269 issued in 2019; US 10,043,035 issued in 2018; us 9,619,669 issued in 2017; US 9,361,481 issued in 2016; and US 9,129,133; 9,087,216; and 9,087,215 issued in 2015) and a portfolio of over 70 pending domestic and international patent applications. See Appendix A for more information on the Anonos Patent Strategy and Portfolio.
“The EDPB considers that as an alternative to data subject’s consent, the lawful grounds of processing provided under Article 6(1)(e) or 6(1)(f) are more appropriate. [...] For all other situations where the conduct of clinical trials cannot be considered as necessary for the performance of the public interest tasks vested in the controller by law, the EDPB will consider that the processing of personal data could be “necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject” following Article 6(1)(f) GDPR” (Opinion 3/2019 concerning the Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection regulation (GDPR) Adopted on 23 January 2019, p.7).
Article 9(2)(j) GDPR provides for the cumulative legal basis necessary to process special categories of data (such as medical data) for statistical, historical and scientific research.
See discussion regarding Functional Separation in the TECHNOLOGY section above.
The concept of Controlled Linkable Data was presented at an International Association of Privacy Professionals (IAPP) program entitled General Data Protection Regulation (GDPR) Big Data Analytics featuring Gwendal Le Grand, Director of Technology and Innovation at the French Data Protection Authority—the CNIL, Mike Hintze, Partner at Hintze Law and former Chief Privacy Counsel and Assistant General Counsel at Microsoft, and Gary LaFever, CEO and General Counsel at Anonos and former law partner at Hogan Lovells (see https://www.anonos.com/iapp-gdpr-data-analytics-webinar-replay) and explained in a Whitepaper co-authored by Messrs. Hintze and LaFever entitled Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics (see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2927540)
See discussion regarding Variant Twins in TECHNOLOGY section above.
For example, see Patent No. 10,043,035 titled “Systems and Methods for Enhancing Data Protection by Anonosizing Structured and Unstructured Data and Incorporating Machine Learning and Artificial Intelligence in Classical and Quantum Computing Environments.” See Appendix A for more information on the Anonos Patent Strategy and Portfolio.
Subject to the right of a data subject under Article 11(2), for the purpose of exercising his or her rights, to provide additional information enabling his or her identification.
The concept of Controlled Linkable Data was presented at an International Association of Privacy Professionals (IAPP) program entitled General Data Protection Regulation (GDPR) Big Data Analytics featuring Gwendal Le Grand, Director of Technology and Innovation at the French Data Protection Authority—the CNIL, Mike Hintze, Partner at Hintze Law and former Chief Privacy Counsel and Assistant General Counsel at Microsoft, and Gary LaFever, CEO and General Counsel at Anonos and former law partner at Hogan Lovells (see https://www.anonos.com/iapp-gdpr-data-analytics-webinar-replay) and explained in a Whitepaper co-authored by Messrs. Hintze and LaFever entitled Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics (see https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2927540)
References to ENISA do not indicate any relationship, sponsorship, or endorsement by ENISA. All references to ENISA are intended to constitute nominative fair use under applicable trademark laws.