A top European Court recently ruled that companies must protect data not previously considered sensitive data. The new definition includes information that could be used to infer other sensitive information. Such data will now need to be protected.
The ruling includes unstructured data and introduces new complexities. It includes the extension of protection to data that could be used to infer other information about consumers does introduce a layer of complexity to companies trying to remain compliant. For instance, unstructured data is much more challenging to analyze and scrub, so companies will need new solutions to ensure that no potentially revealing information falls through the cracks.
Companies with large datasets may be unaware of how much of it reveals potentially sensitive information about their customers or clients. Companies wouldn’t be able to use their data without analyzing it to find those details that indirectly reveal other information. The courts have struggled in the past with what constitutes sensitive data, and this ruling takes the route of caution.
See also: Legacy System Security is Riskier than Cloud
Detractors are skeptical it can be enforced, but supports are pleased
Critics of the ruling believe that it will require too great a burden for companies—particularly small businesses—to understand and analyze data without running afoul of the new regulation. It will require companies to rethink data transparency. For large companies with complex data ecosystems, the regulation will require an ecosystem retool for greater transparency.
Many contend that the ruling could have major implications for online platforms that currently use background tracking and profiling to personalize ads or to feed recommender engines.
Supporters of the regulation believe it will help create greater protections and considerations around all data consumers leave behind as they interact with organizations online. It may also help consumers have more say in exactly when and how data is used. The law allows organizations to process sensitive data with the consumer’s express permission and through narrowly defined goals.
In the coming months, we’ll see how this changes how organizations interact with data and what role consumers will have in determining the balance between revealing too much and offering enough to get valuable experiences back.
Elizabeth Wallace is a Nashville-based freelance writer with a soft spot for data science and AI and a background in linguistics. She spent 13 years teaching language in higher ed and now helps startups and other organizations explain – clearly – what it is they do.