Publication date: April 11, 2023
In the light of the GDPR, the principles of data protection do not apply to data whose links between personal data and the persons concerned have been irreversibly removed. Consequently, anonymization is not subject to the provisions of the GDPR Regulation. However, the measure that the GDPR directly indicates as a method of data protection is pseudo-anonymization. In this case, personal data is replaced in such a way that with the use of appropriate information it is possible to identify the persons to whom data relates.
The main mechanism on which pseudo-anonymization is based is the replacement of sensitive information with identifiers, which are then properly encrypted, but in a way that allows the possible reversal of this procedure. Therefore, in the whole process, we receive two sets of information, the first is a set of data that we cannot associate with any natural person, and the second is information containing identifiers that allow the data to be assigned to a specific person. Only authorized users have the ability to reconstruct data. According to the findings of The Article 29 Working Party, we can distinguish five anonymization techniques. They are secret key encryption, hash function, hash function with key, deterministic encryption and tokenization.
More
Publication date: April 11, 2023
In the process of data collection, the personal data protection system imposes a relative ban on automated decision-making on controllers (Article 22 of the GDPR), the obligation to take into account data protection by design (Article 25 section 1 of the GDPR) and default data protection (Article 25 section 2 of the GDPR), as well as the need to carry out an assessment of the effects of processing for data protection (data protection impact assessment – art. 35 GDPR). The Data Protection Regulation serves protective purposes, which is to ensure the protection of the rights and freedoms of data subjects in connection with the processing of their personal data, taking into account, however, the principles of data protection regulated in art. 5 of the GDPR, especially reliability and transparency, data minimization and the risk-based mechanism approach.
Under the essence of data protection by design within the meaning of Art. 25 of the GDPR, the controller is obliged to take into account the protection of personal data already at the design stage of a specific solution, service or artificial intelligence system. This is to ensure, among other things, that the protection of personal data will become an immanent element of each project already at the stage of creation.
More
Publication date: March 01, 2023
As the popularity of NFT continues to grow, more and more people are buying and selling these unique digital assets on various platforms. However, as with any online transaction, there are important privacy considerations to keep in mind. It is important that NFT buyers and sellers understand how their personal information is collected, used and shared by the platforms they use.
The registration process on the platforms may vary and require additional verification by the registrant. The Foundation, for example, requires sellers to verify their account before they can sell NFTs, while OpenSea and Rarible do not have a verification process.
More
Publication date: March 01, 2023
On 28th February 2023, the European Commission has sent a Statement of Objections to Apple about its concern on the contractual restrictions that Apple imposed on app developers on music streaming providers. Specifically, on the contractual restrictions which prevent them from informing iPhone and iPad users of alternative music subscription options at lower prices outside of the app and to effectively choose those. The Commission thinks that this performance violates EU’s law because Apple’s anti-steering obligations are unfair trading conditions in breach of Article 102 of the TFEU (Treaty on the Functioning of the European Union).
More