Anonos Intervention filed with the CJEU in case EDPS v SRB C-413/23 P

Intervention filed by Anonos with the CJEU in case C-413/23 P, EDPS v SRB, concerning when data is anonymized and falls outside of the scope of GDPR and when data is pseudonymized remaining personal data but with expanded use rights under the GDPR allowing for processing for commercial and other purposes. This Intervention filed with the CJEU was necessary due to the growing popularity of AI dramatically increasing the risk of irreparable harm from processing unsecured personal data. This is because AI involves distributed, multi-party processing of massive amounts of data containing sensitive, personal, and proprietary information on a global scale. Mitigating the associated risks cannot be achieved using traditional privacy and security techniques, effective only within constrained perimeters which is inconsistent with AI’s architectural requirements. It requires technologically enforced controls that travel with the data to prevent misuse before it occurs.

The Anonos Intervention highlights that GDPR-compliant technologically enforced controls can prevent data misuse a priori before it occurs with AI and other processing.
Anonos EDPS v SRB Intervention filed with CJEU in case C-413/23 P
Key Highlights:
  • Anonos requests to intervene in the EDPS v SRB case, highlighting the challenge of safeguarding data privacy in the age of the internet.

  • Cutting-edge AI technologies bring new risks: the easy mix-and-match of data can lead to personal data misuse and breach.

  • GDPR Article 25 propels us towards innovation with privacy at its core, urging data handlers to adopt proactive measures like GDPR-compliant pseudonymization.

  • This isn’t just about compliance; it’s about embedding privacy into the DNA of AI processing by embedding controls in the data so it remains protected wherever it is used.
  • The current landscape of AI and data handling poses serious challenges to anonymization due to:

    • The simplicity of merging AI-processed data with other available information, risking personal reidentification.

    • The question of whether standard privacy measures can really guard against data misuse.

    • The growing scale of data processing that spans countless entities.

    • The surge in data breaches and cybercrime puts personal data at risk of falling into the wrong hands.