Anonos Intervention filed with the CJEU in case EDPS v SRB C-413/23 P

ACCESS SUMMARY

Intervention filed by Anonos with the CJEU in case C-413/23 P, EDPS v SRB, concerning when data is anonymized and falls outside of the scope of GDPR and when data is pseudonymized remaining personal data but with expanded use rights under the GDPR allowing for processing for commercial and other purposes. This Intervention filed with the CJEU was necessary due to the growing popularity of AI dramatically increasing the risk of irreparable harm from processing unsecured personal data. This is because AI involves distributed, multi-party processing of massive amounts of data containing sensitive, personal, and proprietary information on a global scale. Mitigating the associated risks cannot be achieved using traditional privacy and security techniques, effective only within constrained perimeters which is inconsistent with AI’s architectural requirements. It requires technologically enforced controls that travel with the data to prevent misuse before it occurs.

The Anonos Intervention highlights that GDPR-compliant technologically enforced controls can prevent data misuse a priori before it occurs with AI and other processing.

Anonos EDPS v SRB Intervention filed with CJEU in case C-413/23 P

Key Highlights:

Anonos requests to intervene in the EDPS v SRB case, highlighting the challenge of safeguarding data privacy in the age of the internet.
Cutting-edge AI technologies bring new risks: the easy mix-and-match of data can lead to personal data misuse and breach.
GDPR Article 25 propels us towards innovation with privacy at its core, urging data handlers to adopt proactive measures like GDPR-compliant pseudonymization.
This isn’t just about compliance; it’s about embedding privacy into the DNA of AI processing by embedding controls in the data so it remains protected wherever it is used.

The current landscape of AI and data handling poses serious challenges to anonymization due to:
- The simplicity of merging AI-processed data with other available information, risking personal reidentification.
- The question of whether standard privacy measures can really guard against data misuse.
- The growing scale of data processing that spans countless entities.
- The surge in data breaches and cybercrime puts personal data at risk of falling into the wrong hands.

Other resources you might like

IDC - Variant Twins: The Key to Safely Leveraging Data for AI

Read the IDC report to discover how to overcome data security & privacy challenges, enable GenAI, and scale utility with performant privacy and Variant Twins.

Enabling Enterprise Use of AI Without the Risk

Discover how protected Variant Twins deliver (i) lawfulness of AI processing, (ii) risk mitigation that gets the privacy team on board, (iii) utility so the data team can deliver what they need, (iv) the ability to "shift left Privacy" to make protected data assets readily available, (v) technologically enforced trust that is auditable and provable.