The overview of interesting Data & IT Law articles and news in December 2016!
EU companies cannot be forced to retain data
The Court of Justice of the EU issued an important case Tele2 Sverige AB v. The Swedish Post and Telecom Authority, Case no. C-203/15. Bloomberg BNA analyses the decision in more detail.
In this case, the Court ruled that “EU countries that adopt legislation imposing on companies a blanket obligation to retain personal data and make it available to law enforcement agencies are in breach of EU-wide law. (…) (G)overnments can require companies, such as telecommunication and internet providers, to retain traffic and location data for specific law enforcement-related purposes, but retention orders should be targeted, limited to the combating serious crime, and only permitted to deviate from data protection standards “insofar as is strictly necessary.”
The Court also held that “Electronic communications providers that retain data in line with government orders must “take appropriate technical and organizational measures to ensure the effective protection of retained data against risks of misuse and against any unlawful access to that data,” and retained data should not be transferred outside the EU, the court said. The court ruling also said that law enforcement authorities that receive retained data from companies “must notify the persons affected” when a notification “is no longer liable to jeopardize the investigations being undertaken.”
Is data anonymization still a possibility for companies?
Data anonymization is one of the methods how companies can reduce the legal obligations imposed by data protection legislation. However, according to the article at techtarget, in recent years, data anonymization became more and more complicated.
“Pseudonymization of data is achieved by either removing the identifiers or by replacing them with a random ID or hashing them with a salt”. However, the author argues that “in the era of big data, data anonymization techniques fail to deliver because there are hundreds of thousands of data points for a single individual”. The author mentioned a MIT research that shows that “it requires just four pieces of information to identify 90% of the people in a data set containing credit-card transactions of over a million users.”
What is the alternative?
The author argues that is it the computer science research. The goal should be to focus “on building secured infrastructure that will allow the use of data while giving people strong guarantees that the data is used in a privacy-conscientious manner.”
The real life example of using blockchain for real estate contracts
Coindesk.com published an interesting article about a project trying to use blockchain technology for recording lease contracts.
The city of Rotterdam and Deloitte are developing a platform for managing housing transactions. The first part is to build a mechanism for recording lease agreements. “The next step will be monitoring the rental payments. By implementing additional blockchain applications in the real estate industry transaction times and costs can be reduced further. Furthermore, it enables decision makers to use data analysis for making future investment decisions on selling, buying and constructing real estate.”
The article also refers to the Port of Rotterdam, which tests its own testing applications. At dataitlaw, we have already covered another possibilities for the use of blockchain contracts (data security or copyright protection).
Podcast about Law and Artificial Intelligence
The authors of artificiallawyer.com website started to publish podcasts about the developments in the law and the artificial intelligence sphere. It might be a good way for anyone interested in this topic to keep up-to-date with the developments in the more user-friendly way.