1 / 8

Analytics: Perils and Promises of the new EU Privacy Law "GDPR"

Analytics: Perils and Promises of the new EU Privacy Law "GDPR". Axel Arnbak. ABN AMRO, Beyond Banking, 8 June 2018. GDPR is here to stay: Impact hard to underestimate for companies. Fines up to EUR 20,000,000 or 4% of annual worldwide turnover of an "undertaking"

berg
Download Presentation

Analytics: Perils and Promises of the new EU Privacy Law "GDPR"

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Analytics: Perils and Promises of the new EU Privacy Law "GDPR" Axel Arnbak ABN AMRO, Beyond Banking, 8 June 2018

  2. GDPR is here to stay: Impact hard to underestimate for companies • Fines up to EUR 20,000,000 or 4% of annual worldwide turnover of an "undertaking" • Consent strict requirments, burden of proof • Transparency expanded requirements to inform consumers • Data rights forindividualsbroadened: access, data portability, erasure • Accountability able to show exactly what you're doing, e.g. data processing record • New obligations Data Protection Impact Assessments, Privacy by design/by default • Data Protection Officer obligation to employ an 'internal watchdog' • Profiling prohibited, unless… Much stricter regime • Data security breach reporting requirements introduced (NL: existing duties expanded) Take note - new opportunities for big data analytics: Pseudonymisation

  3. The rise of AI Analytics: Selfies for Life InsuranceGDPR compliance possible, requires serious effort Lapetus: How it works • Take a selfie • AI analyses 1000+ datapoints • Ageing, Gender, BMI • Whether you smoke • Disease detection • AI combines analysis with 'biodemographic' information • 9 personalised questions • Immediate quote Zurich UK: FaceQuoteapp • Launched 15 Jan. 2018

  4. GDPR: profiling perils, big data opportunitiesCreate separate profiling and analytics database 'Profiling' requirements increasingly strict • Art. 22: profiling prohibited, unless.. ? • Consent, necessary for performance of contract • Rec. 71: over 30 criteria re: profiling (!) • Art. 12-16: user rights enhanced • New rights to human intervention, data erasure, algorithmic accountability, evaluation 'statistical methods' etc. 'Big data' opportunities through pseudonymisation • Rec. 50: analytics compatible w/ original collection purposes: no separate legal basis (e.g. consent) Step 1: Remove identifiers in legacy databases, store separately Step 2: Perform big data analytics Step 3: Obtain consent and re-identify customers for marketing

  5. GDPR: pseudonymisation, correctly applied, provides opportunity for advanced analytics All writings available at: https://axelarnbak.nl/

  6. Remember with innovative analytics: data ethicseven if legal, not always accepted by consumers

  7. Questions?

More Related