Speed to Insight

What We Solved For and Why

Anonos’ technology and Intellectual Property (IP) future-proof Speed To Insight, Lawfully & Ethically for decades to come by enabling fully-protected batch and real-time use, sharing, combining and enriching of high risk and high-value multi-data asset ecosystems (“Big Data”) on a global basis.

Embedding policy, privacy and security controls into data flows to protect both direct and indirect identifiers when data is in use enables sustainable speed to insight while preserving 100% of source data value. Anonos software and API-based solutions enable these capabilities. Alternatively, third parties may license Anonos IP to incorporate this functionality into their platforms to standardise technical interoperability processes for data movement and sharing.

From Inspiration to State-of-the-Art

Eight years ago, we saw a tug-of-war arising between (i) data utility and (ii) data protection. However, we also observed that traditional approaches to attempting to resolve this tug-of-war involved:

• Trying to obtain data subject consent;
• Anonymising high-risk data (which degraded accuracy and value);
• Restricting processing to controlled centralised environments; or
• Determining that desired uses were not lawful, with the subsequent deletion of high-value data.

While consent and anonymisation looked good on the surface, they had numerous limitations that businesses kept running into; centralised processing was not scalable; and deleting the data prevented valuable insights from being discovered. 

So, we asked ourselves two key questions:

• Utility: What if the value of data for secondary uses equalled or exceeded what was necessary for primary business operations?
• Protection: What if laws or business best practices limited the unrestricted flow, collection and use of sensitive or regulated data?

Our Thesis

In 2012, we predicted² that increasing volume, velocity and variety of Big Data would require:

• Utility: Dynamic in-use data controls at a fine-grained level to ensure high utility decentralised processing.
• Protection: New laws restricting consent-based use and requiring enhanced technical controls for lawful data repurposing, sharing, combining and enriching.

The Current Reality

Eight years later, many global organisations are “hitting a wall” and unable to achieve their digital insight goals because they are:

• Forced to delete data they want to process.
• Limited to lower value centralised processing applications.
• Unable to:

  - Process high value and high-risk data in decentralised applications;
  - Access valuable data they want to process;
  - Share data internally and externally as desired;
  - Combine data sources to maximise value; and
  - Enrich data as desired.

For organisations desiring to share, combine and enrich data to achieve Speed To Insight, Lawfully and Ethically, Anonos uniquely resolves the tug-of-war between data utility and protection while preserving 100% of data utility and enabling compliance with data protection laws.

The following use cases showcase some of the benefits of using Anonos software, API-based solutions or Intellectual Property (IP).

Use Case: Decentralised Data Analytics, AI, ML, Sharing, Combining & Enriching

As noted elsewhere in this Blueprint,³ there are numerous situations in which consent suffers from serious limitations as a lawful basis for processing personal data under the GDPR. First, information provided to data subjects to describe processing must be specific and yet easy to understand. This creates serious issues when attempting to explain complex processes such as data analytics, AI, ML, sharing, combining, or enriching. These limitations are one of the reasons that Legitimate Interests exists as an alternate legal basis. However, lawful Legitimate Interests processing requires adequate technical and organisational safeguards to help protect the fundamental rights and interests of data subjects.

You may be familiar with Digital Rights Management (“DRM”) techniques that are used by companies to limit the numbers of copies of data individuals can make, or how they can otherwise access, music, movies and other digital content. BigPrivacy employs DRM-like principles, but “stands DRM on its head” in a manner that we refer to as Privacy Rights Managemen® or PRM®.⁴ Specifically, BigPrivacy’s fine-grained controls enable the selective use and sharing of personal data with improved multi-stakeholder engagement, all without exposure to unnecessary privacy, security or degradation of-value risks.

Traditional approaches to data protection use no longer effective “static” approaches to protection. As a result, supposedly protected data can be traced back to a data subject because persistent identifiers replace a given data element everywhere it appears. Searching for a persistent identifier that repeats within or across data sets can provide a malicious actor with enough information to unmask the identity of a data subject. Two well-known cases of such unauthorized reidentification involved AOL⁵ and Netflix⁶. Over time, due to advances in technology and threat-actor sophistication, persistent identifiers can be ever more readily linked back to individuals via the “Mosaic Effect.”⁷ An oft cited example of the “Mosaic Effect” saw three seemingly “anonymous” data sets that used the same persistent identifiers – each composed of the zip code, age and gender of US citizens – combined to identify up to 87% of the population of the United States by name.⁸

In contrast, Anonos BigPrivacy uniquely combats the Mosaic Effect by using dynamic de-identifiers, as described in the TECHNOLOGY section below, to introduce uncertainty (entropy) at the data element level. From there, the data controller can selectively reveal only the level of identifiable data which a given user is authorized to see, at a specific time for a specific purpose. However, none of these advantages achieved through finer granularity prevent BigPrivacy from reproducing, when authorized, up to 100% of the value and utility of original source data.

Anonos’ patented technology uniquely protects data dynamically so that decentralized analytics, AI, ML, data sharing, combining, and enriching can satisfy the requirements for Legitimate Interests processing under the GDPR. Anonos BigPrivacy and Lawful Insights API provide data controls for data enablement, allowing organisations to step outside of the silos that centralised solutions create.

Use Case: Compliant Cross Border Data Flows

The June 2020 World Economic Forum Whitepaper titled “A Roadmap for Cross-Border Data Flows: Future-Proofing Readiness and Cooperation in the New Data Economy”⁹ (“WEF Whitepaper”) highlights the following:

As described in this Blueprint, Anonos BigPrivacy uniquely solves the biggest challenge to data sharing, combining and enriching for cross-border data flows: enabling maximum utility from data analytics, AI and ML in real-time, lawfully and ethically. This is because traditional centralised data protection technologies, including encryption, anonymisation, static tokenisation, and differential privacy:

• Significantly degrade the utility of data, distorting the accuracy and predictability of the derived insights;
• Fail to deliver effective protection against unauthorised reidentification in decentralised processing environments; and
• Limit the use of data for data sharing, combining and enriching.

The capability of Anonos BigPrivacy software, API-based solutions and IP to enable policy, privacy and security controls to be embedded into data flows enables organisations and countries to respond to the following calls-to-action in the WEF Whitepaper necessary for lawful and ethical cross-border data flows:

• Allowing data to flow by default;
• Establishing a new level of data protection;
• Prioritising Cybersecurity; and
• Prioritising technical interoperability, data portability and data provenance.

Use Case: IoT and 5G: Maximum Data For Digital Insights

The Internet of Things (IoT) promises dramatic increases in the number and types of devices and sensors capturing data reflective of real-time situations, including valuable geolocation data and other information. 5G provides greater transmission speed, lower latency, and greater numbers of connected devices. The combination of IoT and 5G presents an unparalleled opportunity for valuable digital insight.

Unfortunately, due to ineffective in-use data risk management capabilities, privacy has historically been enforced using data collection minimisation – requiring that all the data that is not immediately needed must be deleted. For example, the US Federal Trade Commission (FTC) staff issued a 2015 report titled “Internet of Things: Privacy and Security in a Connected World.”¹¹ This report recommended that the way to protect the privacy of IoT data was the wholesale deletion of information. This proposal was so absurd on its face that two FTC commissioners refused to endorse the report.¹² A non-partisan research firm (the Information Technology and Innovation Foundation or ITIF), highlighted problems with data collection minimization:

So, how do we allow for the privacy-respectful collection and use of data made possible by IoT and 5G? A new approach to data protection is required: one that uses in-use risk management controls to enforce data use minimisation (versus data collection minimisation). Anonos BigPrivacy does exactly this by reducing risk associated with data in use (i.e., “de-risks” the data) anywhere in the data flow. BigPrivacy technologically enforces the use of only the minimum level of identifiable data necessary for each process to protect data on a dynamic per-use basis. This is the essence of data use minimization.

Data protection can be improved by allowing more data to be collected with appropriate technical and organisational safeguards. By collecting more data about individuals, sophisticated analytics, AI, and ML are possible using less-identifying data that might otherwise have been deleted (leaving only directly identifying data for desired processing). With effective in-use data risk management controls – like those provided by Anonos BigPrivacy – the increase in data collection enabled by IoT and 5G can actually improve privacy-respectful processing.

Use Case: Blockchain: How to Make it GDPR Compliant¹⁴

The defining feature of blockchains is their integrity (i.e., the ability for users of network to trust the accuracy of the data stored in the blocks of the chain), which is guaranteed by their immutability. Once a block has been verified and added to the chain, it may not be removed, edited, or updated. Modifying the data stored in any one block would ‘break’ (i.e., invalidate) all the downstream blocks in the chain. While blockchain data, in the vast majority of cases, is protected by encryption or static tokenisation, it is easy to envision cases where individuals will want to exercise their “right to erasure/right to be forgotten” pursuant to the GDPR by requesting that their data be removed from the blockchain. With public blockchain platforms, such a request would not be possible to fulfill without destroying the integrity of the entire chain.

The Financial Conduct Authority (FCA), the financial regulatory body for the United Kingdom, has warned firms developing blockchain technology to beware of the incompatibility between immutability and the GDPR.¹⁵ Some solutions to this issue have been proposed, such as allowing administrators to edit a blockchain where necessary. However, allowing editing of a blockchain destroys the defining characteristic of blockchain: integrity guarantees delivered via immutability.

The GDPR was authored under an assumption that custodians of data would continue to be centralized entities and thus doesn’t account for decentralized systems such as blockchain.

BigPrivacy uniquely enables blockchain and other distributed ledger technologies (DLTs) to comply with GDPR requirements like the “right to erasure/right to be forgotten” while still satisfying the immutability, auditability, and verification requirements mandated by DLTs for decentralized storage of transactional data.¹⁶

See Appendix A for more information on the Anonos Patent Strategy and Portfolio.

Online Fireside Chats

• First, these “Online Fireside Chats” look at what Speed To Insight is and why it matters, and why a shift away from traditional centralised data protection technologies is critical to achieving this goal.
• Next, they cover some of the challenges involved in maximising data value, such as regulatory controls surrounding both PII and non-PII personal data, over-reliance on traditional data protection technologies, and a lack of access to data.
• Then, they examine how organisations can move toward gaining frictionless insights from their data with a more automated and controlled approach to data use and protection, including in decentralised processing environments. This includes data sharing, combining and enriching, as well as machine learning and AI data use.
• Finally, they discuss the shift in expectations for data protection that has come with the GDPR, and what this means for old data uses that may no longer be lawful. How can organisations defend their previous uses of data, or maintain the ability to use pre-GDPR data that is still valuable?
• These discussions are supported by infographics and diagrams that display some aspects of how BigPrivacy functions, which will be expanded upon in the TECHNOLOGY section below.

Speed To Insight in the New Normal

DOUG LANEY: Gary, I think the COVID-19 pandemic is producing a “new normal” where the processing of digital assets to create timely data-driven insights is increasingly important. One need only look at the impact of consumers not being able to visit brick-and-mortar stores for months, resulting in an extraordinary increase in the use of digital payments. This is proof of an increasingly savvy digital customer base. Organisations that effectively leverage digital insights to provide customers with context-aware, personalised offerings will be the winners in this new normal.

This leads me to believe there will be little middle ground between data insight “haves” and “have nots.” Organisations that cannot implement sustainable strategies for developing and refining digital insights run the risk of becoming non-competitive. In contrast, organisations that implement sustainable, trustworthy and transparent data insight strategies will thrive. Successful data use, sharing and combination arrangements between partners will be the difference between winners and losers.

GARY LAFEVER: I completely agree. The overwhelming increase in people working from home and purchasing goods online has dramatically accelerated our transition to a largely digital world. To survive and thrive, organisations need data-driven insights to anticipate and react to quickly changing buying patterns. This shift underscores the importance of moving beyond traditional approaches to data protection to support new requirements for businesses to gain “Speed To Insight”, but critically, organisations need those insights to be "Lawful and Ethical” as well.

Data only has value when it is in use. Security technologies—like encryption—remain important for protecting data at rest and in transit, but they do nothing to generate digital value or create insights. When data is put to use, the protections afforded by security technologies no longer apply, because these technologies protect data only when in transit or at rest.

Traditional approaches to data protection also create tensions between the business desire to generate digital insights, and the obligation of security and privacy teams to protect their organisation against threats, liability and disruptions to operations from data misuse. While an organisation may be able to spin up a new cloud server in a few minutes, they may have to wait weeks or months to get security and privacy sign-off before going live with a new application on the server. The only data that can be safely used without security and privacy sign-off is data that is not subject to any restrictions.

Development teams focused on using Analytics, AI, ML and data-sharing, combining and enriching technologies to deliver desired business results without addressing data security and privacy risks expose their organisations to significant liability and potential disruption to operations.

This failure to comply with laws, rules and regulations applicable to high-risk but high-value data like personal, business and talent data is a misalignment that can lead to missed business opportunities.

Traditional data protection technologies, like anonymisation via tokenisation, generalisation or suppression, as well as newer techniques like Differential Privacy, synthetic data and homomorphic encryption, protect data when in use but only for centralised processing.

These traditional privacy protection techniques do not support decentralised data processing, sharing, combining, or enriching. Examples of desired decentralised processing include when you want to share or combine datasets between organisations, combine multiple datasets of your own, or use datasets from different places for machine learning and AI. Since traditional data protection technologies are centralised, they limit the availability of data needed to generate robust digital insights.

In addition, traditional centralised data protection technologies often only focus on protecting immediately identifying data, often referred to as Personally Identifying Information, or PII. But, recent laws like the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR) require protection of more than just PII. These laws extend the obligation for data protection to indirectly identifying data, such as age, gender, birthdate and location. When these indirect identifiers are combined, they can be used to re-identify an individual.¹⁸ This is why laws like the CCPA and GDPR require their protection as well.

In summary, traditional centralised data protection technologies can:

• Create insurmountable tensions between business and security/privacy teams;
• Delay access to desired processing until digital insights are less timely and less relevant; and
• Limit data insights to those available from centralised applications that cannot be linked together.

In contrast, Anonos decentralised data protection helps to resolve these issues by creating pre-approved schemas for non-identifying versions of data, called Variant Twins.

Variant Twins can be created for different processes to selectively disclose only the level and type of data approved in advance by security and privacy teams for each use case. By embedding policy, privacy and security controls into data flows to manage risk, use-case specific Variant Twins enable lawful and ethical decentralised data use, sharing, and combining so that businesses can gain “Speed To Insight, Lawfully & Ethically.”

DOUG LANEY: Gary, can you provide a use case where Anonos technology helps to enable speed to insight, lawfully & ethically?

Use Case: Speed To Insight, Lawfully & Ethically

GARY LAFEVER: Let's take the example of a global firm with EU employees that wants to do Talent Analytics around the world. Firms are only just starting to become aware that talent data must now be processed differently to remain lawful and to avoid undesirable disruptions to business operations.

These challenges arise primarily because:

• PII (as well as non-PII data that can become identifying when combined) creates liability if processed by employers based on the consent of EU employees because of the imbalance of negotiating power between the parties. This imbalance removes consent as an available basis for lawful processing of data for Talent Analytics under the GDPR.
• Similar problems can arise when sophisticated analytics, AI or ML are desired using non-employee Personal Data beyond the scope of what was described in detail to data subjects at the time of initial data collection.
• In addition, both PII and non-PII can cause significant disruption to operations when data subjects demand that all of their data (not just PII) be deleted or alternatively no longer shared with third parties. Data assets cannot be processed effectively when their very composition and availability change from day to day.

Anonos technology is different from other solutions. Centralised privacy enhancing technologies do not embed controls that flow with the data outside the centralized environment and so may not provide adequate protection to satisfy the balancing of interest requirements necessary for sophisticated analytics, AI and ML to be lawful.

In contrast, Anonos decentralised data protection technology manages risk differently based on the level and nature of risk involved in different processes, regardless of where the data goes. This helps to ensure that digital insights are lawful and equitable, both within and between organisations.

Maximising Data Utility

DOUG LANEY: Infonomics, the term I coined in my book to describe monetising, managing, and measuring information for competitive advantage, is even more important for organisations to survive and thrive in today’s economy. They must maximise the value and pace of their data journey to succeed. Infonomics in these highly uncertain times does not tolerate inefficiency.

Successful data sharing and data use arrangements will make all the difference between post pandemic winners and losers. Sustainable, trustworthy and transparent data strategies require that adequate controls exist to satisfy both customers and data sharing partners that the data collaboration will be safe as well as effective. Without adequate controls, organisations may not get access to the data they need for successful digital insights.

GARY LAFEVER: I think that’s right: effective extraction of digital insights requires controls that protect data in use while preserving utility.

Organisations can capture the most value when they can use data across multiple environments with different partners to discern insights. Maximum data value often comes from combining data sets, adding new information, and processing data from different perspectives. For effective digital insight strategies, organisations must control the exchange of specific information with different partners, meet contractual obligations, and process data under controlled conditions internally and externally.

Customers as well as data sharing partners may be unwilling to share data if the organisation who wants to collaborate with them does not have adequate controls in place.

On the flipside, if an organisation relies on traditional data protection technologies, like anonymisation via tokenisation, generalisation or suppression as well as newer techniques like Differential Privacy, synthetic data or homomorphic encryption, they may not get access to all the data they need for effective digital insights. This is because these technologies only protect data for limited centralised purposes.

Anonos decentralised data protection technology resolves these issues by controlling data use across multiple environments and with different partners. This is helpful when organisations experience trouble getting access to third-party data to augment the value of their data assets, or when third parties express concern about potential liability or business disruption from using data provided by the organisation.

Anonos decentralised data protection technology enables lawful and ethical multi-party processing both inside and outside of an organisation’s environment. The key is our combination of anonymisation capabilities, GDPR-compliant Pseudonymisation (CCPA-compliant heightened de identification), and patented risk-based controls that flow with the data to control relinking capabilities.

By embedding dynamic, risk-based controls into data flows, as highlighted by Gartner when they awarded Anonos “cool vendor” status, Anonos technology is able to maximise data utility and value while preserving 100% accuracy.¹⁹

DOUG LANEY: Gary, can you provide a use case where Anonos technology helps to enable access to data for digital insights?

Use Case: Enabling Access to Data for Digital Insights

GARY LAFEVER: Let’s look at a consulting firm that wants to provide supporting data and analysis to help clients make and execute strategic and tactical decisions. Professional advisory firms are increasingly concerned about lawful and ethical access to the data that is necessary for them to provide value to clients. Challenges arise primarily because:

• The data obtained from customers may be problematic in terms of liability.
• Dealing with PII, or non-PII data that can become identifying when combined with other data, can cause disruptions to operations. This occurs when data subjects demand that their data be deleted, as firms must then show that it is deleted. Data assets cannot be processed effectively when they are constantly changing.

  - Value-add to data is needed, e.g. combining data among clients, and from third parties.
  - Third-party data can often be “contaminated” with PII.
  - Alternative data sources may not be willing to accept the liability and risk associated with sharing data.

Anonos decentralised data protection is different from other solutions. Tokenisation and other PETs work in some circumstances, but do not embed controls that flow with the data outside centralized environments to enable decentralised processing. Anonos technology does not rely on privacy “boxes” or “cages” to protect data: rather, we put the controls into the data, so that risk is managed wherever the data goes, even during data sharing, combining, or transforming.

This approach ensures uninterrupted access to third-party data and alternative data and protects consulting firms from legal or operational risk. Consulting firms can:

• Use Lawful Insights API™ to transform data coming from third-party data providers into usable “Variant Twins” that are lawful, ethical, and accurate.
• Enable alternative data sources to use Lawful Insights API to control the data they make available to the consulting firm or its clients.
• Provide customers with access to BigPrivacy to send data to and receive data from the consulting firm for specific purposes.
• Share and combine data with and between clients with reduced risk of liability or operational disruption for any party.

Reducing Friction in Data Processing

DOUG LANEY: Gary, what does Anonos do to reduce friction in data processing, while complying with the requirements of both internal and external parties? Can data be made available to achieve business outcomes across different ecosystems in a way that is lawful and ethical, but also efficient and timely?

GARY LAFEVER: Anonos’ decentralised data protection technology allows data to be processed in an automated way to achieve desired business outcomes with full awareness of, and the ability to remove, potential roadblocks to processing. Anonos does so by embedding policy, privacy and security controls into data flows. These are centralised controls over decentralised processing, that automate the balancing of complex, multi-issue processing to comply with established policy, privacy and security requirements.

Data sharing, combining and enriching is where data value, insight, privacy and security meet. Without Anonos decentralised data protection, desired data uses may be too risky or unlawful, or the value of the data may be diminished. Processing performed using traditional centralised data protection technologies may be too slow and inefficient to obtain digital insights as quickly as they are needed. With Anonos, however, organisations can comply with internal and external requirements while maximising data control, use, and value.

Once an organisation builds a portfolio of desired processes using Anonos technology configurations, Data Protection Impact Assessments (DPIAs) and related technical and organisational safeguards, new use cases can be supported using variations of these, so that bespoke DPIAs become the exception.

Anonos does this by leveraging:

• Record-level GDPR pseudonymisation and CCPA-heightened de-identification to support controlled relinking to all source data, not just reversal of pseudonyms or de-identifiers;
• Microsegment (mSeg™) level pseudonyms/de-identifiers to support privacy-respectful data enrichment and omnichannel personalisation that does not require surveillance of individuals; and
• Dynamic de-identifiers within and between datasets to defeat linkage attacks.

DOUG LANEY: Gary, can you provide a use case where Anonos technology helps to enable automated processing for frictionless insights?

Use Case: Automated Processing for Frictionless Insights

GARY LAFEVER: Nothing creates more friction between a Data User and a Third-Party Data Provider than liability from tainted or unlawful data or disruptions to operations when a data subject requests that their data be deleted. The following graphics highlight differences between traditional centralised approaches to protecting data and Anonos’ decentralised approach. Anonos enables organisations to collect, use and share data in more efficient, faster, and more focused ways, with an entirely new approach.

The dark blue circles on the left represent parties holding data that they have protected using their own centralised data protection like anonymisation via tokenisation, generalisation or suppression, or newer techniques like Differential Privacy, synthetic data or homomorphic encryption, all of which protect data for centralised processing only.

Here, the Data User is protected from risk.

In this example, none of these parties are sharing data with each other. So, even if one party has defective controls, it does not affect other parties since there are no links between them.

But if a Third Party receives data from the external party with defective controls, that Third Party is now exposed to potential liability and disruption of operations.

If that Third Party then shares data with the Data User, the Data User is now also exposed to potential liability and disruption.

Anonos decentralised data protection technology is specifically designed for this situation and insulates the Data User from these risks.

If the Third Party wants to use the results of processing by the Data User to relink to source data, Anonos technology also insulates the Third Party from potential liability and disruption of operations in the other direction.

Anonos patented decentralised data protection technology enables businesses to achieve desired outcomes with confidence, by protecting entire data ecosystems in both directions.

Defending Digital Insights

DOUG LANEY: Some people wonder why digital insights are so important in the post-pandemic world. It's because organisations need new sources of value to replace those that have been lost, and they also need to diversify revenue streams. In addition, they need to solidify relationships with existing customers and improve upon partnerships via commercial data exchange relationships.

It seems to me that Anonos can help to reconcile the opposing forces of regulation and monetisation necessary to achieve these results. On the one hand organisations have new controls and regulations to contend with, which reduces their ability to derive digital insights from leveraging data assets both internally and externally. On the other hand, they have an imperative to monetise data in new and innovative ways to generate new value streams. Gary, can you explain how Anonos helps to bridge this widening divide?

GARY LAFEVER: Anonos data protection technology can be integrated into data lakes, into streaming data, into batch processing, or applied at the network edge, to enable decentralised data use, sharing, combining and enriching to be accomplished in a flexible and scalable way.

This means that digital insights can be achieved in compliance with global data protection standards, vertical industry regulations and data sovereignty or localisation requirements. Anonos does this by combining the benefits of anonymisation, Pseudonymisation (as newly defined in the GDPR), CCPA heightened de-identification and patented proprietary techniques. Using this combined approach, Anonos enables accurate decentralised data use, sharing, combining and enriching in compliance with regulatory and risk management requirements.

The core of Anonos' capabilities is centered around our non-identifying versions of data, called Variant Twins, which are our patented approach to controlling selective date use and disclosure.

With Variant Twins, organisations only provide the type and level of identifiable data needed for each authorised process. This aligns with modern data protection principles like data minimisation and purpose limitation. Because all Variant Twins are derived from the original source data, organisations suffer no degradation in data value or accuracy.

Variant Twins:

• Deliver resistance to reidentification of anonymous data;
• Enable data controllers to retain absolute control over the re-linkability of their data;
• Preserve 100% of the utility of source data;
• Protect data in use; and
• Activate express statutory benefits under data protection laws.

Variant Twins improve upon the statutory capabilities and benefits allocated to state-of-the-art privacy techniques like Pseudonymisation under the GDPR and heightened de-identification under the CCPA. They do so in a way that enables digital insight objectives to be achieved while respecting and enforcing the fundamental rights of data subjects in a data-driven ecosystem.

DOUG LANEY: Gary, can you share a use case where Anonos technology helped to defend the lawfulness and ethics of desired processing”?

Use Case: Defending Lawfulness and Ethics of Desired Processing

GARY LAFEVER: We are working with a European bank that is interested in using enhanced market intelligence to develop new cross-sell and upsell opportunities for existing and prospective customers. But to create useful market intelligence to generate new opportunities for clients and partners, the bank required access to timely digital insights and expanded data use.

Some of the challenges were:

• Sharing and exchanging data with partners and third parties to better serve customers and partners was necessary to create better business outcomes.
• Customer needs and expectations could not be met or understood without the data.
• Access to the data, processing and the resulting insights were not lawful without enhanced data protection capabilities being put in place, but the protection could not reduce data utility or enablement.

By leveraging BigPrivacy Variant Twins, the bank is able to preserve data value while enabling sophisticated risk-based decentralised processing so that it can benefit from:

• Access and use of data that they otherwise would not have.
• Enhanced accuracy in insights and market intelligence.
• Data exchange with partners for more effective offerings to customers.
• Increased availability, and improved stability, of data assets.