It’s been a busy decade for Max Schrems. Since 2013, the Austrian lawyer and privacy activist has filed several lawsuits against companies including Facebook, Google, Amazon, and Spotify, all relating to the collection and transferral of personal data. Schrems I and II, the most significant of those suits, relate specifically to the transfer of personal data from the European Union to the United States.
The impact of this litigation has been far-reaching, to say the least. The “Safe Harbour” arrangement, which was intended to ensure that data transfers between the EU and US were compliant with the European Data Directive, was invalidated in the wake of Schrems I[1]. The EU-US Privacy Shield, essentially developed as a replacement for Safe Harbour, was then itself struck down in the EU Court of Justice’s ruling on Schrems II[2].
Despite these victories, Schrems isn’t finished yet. Even the new and refined EU-US Data Privacy Framework has attracted his ire, leading the lawyer to state that – although he is “sick and tired of [the] legal ping-pong” – he expects to be back in court on the matter early this year[3]. The road ahead looks both long and heavily litigious.
The Schrems I and II rulings are not just academic debates, either. They have been actively enforced, with the most famous example coming in 2023 when the Irish Data Protection Commission hit Facebook owner Meta with a record €1.2bn fine for violating the General Data Protection Regulation (GDPR)[4]. A year before that, fellow Meta companies Instagram and WhatsApp received[5] substantial fines of their own.
Other than going to show just how much attention is now being given to data privacy as a subject, these cases also speak to a much bigger truth: that there is a very tough and potentially unsolvable problem brewing around the safe transfer of personal data outside of the EU.
Like many other hard-to-solve challenges, the root cause of the issue here is a fundamental difference in philosophy. In Europe, for example, the aforementioned GDPR offers a detailed, expansive, and highly regulated data protection framework. Not only is there no such equivalent in the US at a national level, the agencies and organisations that operate there also tend to have much greater powers around the monitoring and analysis of personal data.
While the evolution from Safe Harbour to the Data Privacy Framework has brought those contrasting philosophies a little closer together, they are still defined more by their differences than their similarities. As a result, most organisations have come to the difficult realisation that – when it is transferred from the EU to the US – personal data is simply less secure by default.
That brings us to where we are today. Correct or not, the general feeling is that many of the lobby groups protesting against the Data Privacy Framework would like to get to the point at which data cannot be transferred out of the EU. That would take us into the same space as China’s Personal Information Protection Law, which dictates that any business handling a certain amount of personal data there localises its storage and processing operations[6].
Taken to its logical extreme, that kind of stipulation could ultimately require a company to have a dedicated – and segregated – data centre for every territory in which it operates. As well as the obvious cost implications, that would lead to fragmentation as well, making such an approach fundamentally unpalatable for many. Instead, it’s far likelier that this deadlock will lead to even greater interest in Privacy-Enhancing Technologies (PETs).
At their core, PETs are a set of tools that help to reduce some of the most significant risks associated with personal data. Those tools cover a great deal of ground; under that overarching PETs umbrella, you’ll find everything from Tor browsers through to the concept of Self-sovereign Identity (SSI), which aims to give individuals greater control over their digital identity.
From a privacy perspective, some of the most interesting applications of PETs cover fields like encryption and anonymisation. Homomorphic encryption, for instance, allows data to be analysed without having to be decrypted first. Then, you have pseudonymisation (where personal identifiers are replaced with artificial ones) and differential privacy (which adds “noise” to a dataset to prevent individuals from being identified).
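The two techniques named above that are easiest to show in working code are pseudonymisation and differential privacy (homomorphic encryption needs a dedicated library and is left out). The following is an added illustration, not code from the article or from any project it mentions: the patient records, the HMAC key and the function names are constructed for the example. It also adds the check a practitioner would want around differential privacy, a privacy-budget counter, because noise alone is defeated by simply repeating the query and averaging the answers.

```python
import hashlib
import hmac
import math
import random

# Constructed sample records (not from the article): a direct identifier
# plus a sensitive attribute, the shape of data health researchers see.
RECORDS = [
    {"patient_id": "P-0001", "age": 34, "diagnosis": "diabetes"},
    {"patient_id": "P-0002", "age": 58, "diagnosis": "asthma"},
    {"patient_id": "P-0003", "age": 45, "diagnosis": "diabetes"},
    {"patient_id": "P-0004", "age": 29, "diagnosis": "hypertension"},
    {"patient_id": "P-0005", "age": 67, "diagnosis": "diabetes"},
    {"patient_id": "P-0006", "age": 51, "diagnosis": "asthma"},
]


def pseudonymise(records, key):
    """Replace the direct identifier with a keyed HMAC-SHA256 token.

    The token is stable (same id, same token), so records can still be
    linked across tables, but it cannot be reversed or dictionary-attacked
    from the small id space without `key`. The key is the 'additional
    information' that GDPR Art. 4(5) requires to be kept separately from
    the pseudonymised data; an unkeyed hash would not give that protection.
    """
    out = []
    for rec in records:
        token = hmac.new(key, rec["patient_id"].encode(), hashlib.sha256)
        out.append({**rec, "patient_id": token.hexdigest()[:16]})
    return out


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse-CDF from a uniform in [0, 1)."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


class PrivacyBudget:
    """Cumulative epsilon accounting (basic sequential composition).

    Each answered query spends its epsilon; once the budget is gone, further
    queries are refused. Without this, an analyst could re-run the same
    query and average the noise away, which is the classic failure mode.
    """

    def __init__(self, total_epsilon):
        self.total = total_epsilon
        self.spent = 0.0

    def charge(self, epsilon):
        if epsilon <= 0 or self.spent + epsilon > self.total + 1e-12:
            raise PermissionError("privacy budget exhausted")
        self.spent += epsilon


def exact_count(records, predicate):
    """The un-noised count; never released directly to the analyst."""
    return sum(1 for rec in records if predicate(rec))


def dp_count(records, predicate, epsilon, budget, rng=None):
    """Epsilon-DP count via the Laplace mechanism.

    A count changes by at most 1 when one person is added or removed, so
    its L1 sensitivity is 1 and noise of scale 1/epsilon suffices.
    """
    budget.charge(epsilon)
    rng = rng or random.SystemRandom()
    return exact_count(records, predicate) + laplace_noise(1.0 / epsilon, rng)


if __name__ == "__main__":
    key = b"constructed-demo-key-store-it-separately"  # constructed value
    for rec in pseudonymise(RECORDS, key)[:2]:
        print(rec)

    def is_diabetic(rec):
        return rec["diagnosis"] == "diabetes"

    budget = PrivacyBudget(total_epsilon=1.0)
    noisy = dp_count(RECORDS, is_diabetic, 0.5, budget)
    print("noisy diabetes count:", round(noisy, 2), "epsilon spent:", budget.spent)
```

The design point is the separation of duties: the HMAC key and the privacy budget are both state that must live with the data custodian, not with whoever runs the analysis, otherwise the pseudonyms are reversible and the noise is defeatable.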
Ultimately, PETs are not new. Even something as basic as a secret ballot could be considered to be a PET – in the broadest sense of the definition, at least. At a high level, though, these technologies could drive a fundamental shift in the balance of power around knowledge and insights.
Take OpenSAFELY, for instance, an open-source software platform that enables researchers to analyse electronic health records data. Said data is highly secure and entirely anonymised, and all activity on the platform is publicly logged – but the information at the heart of OpenSAFELY is also freely available, an increasingly uncommon situation in a world where data has tangible commercial value.
Ideas like OpenSAFELY also take us into the field of federated learning, in which artificial intelligence (AI) models are trained using data that sits on “the edge”. MELLODDY – another healthcare-related project – employs just that approach, with predictive machine learning models trained using decentralised data from 10 global pharmaceutical companies.
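To make the "data stays on the edge" idea concrete, here is an added example of federated averaging (FedAvg), written for this page rather than taken from MELLODDY or any other project named above. Each party holds its own synthetic records and only ever returns model parameters; the coordinator sees parameter tuples and sample counts, never a single record. The model is a one-variable linear regression so the whole exchange fits in a few dozen lines; the party data, seed and function names are all constructed.

```python
import random


class Party:
    """One data holder (a hospital or pharma company in the article's setting).
    Its records stay in `_records`; the only thing it returns is parameters."""

    def __init__(self, records):
        self._records = records  # list of (x, y) pairs that never leave

    def size(self):
        return len(self._records)

    def local_update(self, w, b, lr=0.5, epochs=5):
        """Full-batch gradient descent on the local data for a few epochs,
        starting from the global model (w, b); return the new parameters."""
        n = len(self._records)
        for _ in range(epochs):
            grad_w = grad_b = 0.0
            for x, y in self._records:
                err = w * x + b - y
                grad_w += err * x
                grad_b += err
            w -= lr * grad_w / n
            b -= lr * grad_b / n
        return w, b


def federated_average(updates):
    """FedAvg aggregation: average each party's parameters, weighted by the
    number of samples it trained on. Only (w, b, n) triples arrive here."""
    total = sum(n for _, _, n in updates)
    w = sum(w_i * n for w_i, _, n in updates) / total
    b = sum(b_i * n for _, b_i, n in updates) / total
    return w, b


def train_federated(parties, rounds=40):
    """Coordinator loop: broadcast the global model, collect local updates,
    aggregate. Raw records are never read by this function."""
    w, b = 0.0, 0.0
    for _ in range(rounds):
        updates = []
        for party in parties:
            w_i, b_i = party.local_update(w, b)
            updates.append((w_i, b_i, party.size()))
        w, b = federated_average(updates)
    return w, b


def make_parties(true_w=3.0, true_b=0.5, seed=1234, n_parties=3, n_each=30):
    """Constructed synthetic data: y = true_w*x + true_b + small noise, split
    across parties so that no single party holds the whole dataset."""
    rng = random.Random(seed)
    parties = []
    for _ in range(n_parties):
        recs = []
        for _ in range(n_each):
            x = rng.uniform(-1.0, 1.0)
            recs.append((x, true_w * x + true_b + rng.gauss(0.0, 0.05)))
        parties.append(Party(recs))
    return parties


if __name__ == "__main__":
    w, b = train_federated(make_parties())
    print(f"federated model: y = {w:.3f}x + {b:.3f}  (truth: 3.0x + 0.5)")
```

One caveat worth keeping in view: the parameters that do leave each party are derived from its data, so federated learning reduces exposure rather than eliminating it; in practice the updates are usually combined with the pseudonymisation or differential-privacy measures discussed earlier, or aggregated under secure computation, before anyone outside the party can read them.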
The Open Data Institute (ODI) has been understandably supportive of projects of this kind, noting the growing importance of data stewardship, and the application of federated learning to the pursuit of “public, charitable or educational aims”.
As vital as these societal benefits may be, of course, they are not the only appealing thing about PETs. In a world where the safe and legal transfer of data between different geographic territories is becoming almost impossible, concepts like federated learning and decentralised analysis should also hold obvious appeal for any organisation that doesn’t want to be tied to localised data storage and processing.
For that reason alone, I believe we’ll see considerable investment into the companies that are developing PETs over the next few years, particularly those focused on some of the specific anonymisation and encryption techniques mentioned above.
PETs are not a blanket solution, of course. Even with the best technology – and the best intentions – there will inevitably be some kinds of analysis that cannot take place without exposing personal data. In those instances, unless data clean rooms can be used to bridge the gap, the conversation will again go back to where a dataset originated and how it should then be handled.
Nonetheless, as the seemingly endless loop of legislation and litigation continues, technological safeguards like PETs can be a crucial part of a solution, offering near-term options when combined with strong data stewardship. For those truly international organisations, where the accessibility and availability of international data forms the beating heart of their business, that day can’t come soon enough.
[1] The CJEU's Schrems ruling on the Safe Harbour Decision – European Parliament, 26th October 2015
[2] The CJEU judgment in the Schrems II case – European Parliament, September 2020
[3] EU seals new US data transfer pact, but challenge likely – Reuters, 10th July 2023
[4] Facebook owner Meta fined €1.2bn for mishandling user information – The Guardian, 22nd May 2023
[5] Meta faces record EU privacy fines – Politico, 4th December 2022
[6] China’s new data-transfer mandate prompting multinationals to rethink market strategy – PwC