1.0
Traditional Segment
Based Marketing
Separation of identity and trade data with segment-based outreach relying on data subjects to identify themselves individually
Previous Compliant Approach Use “Identity Resolution” to Reach Individuals
Step 1
Geographic
Segmentation
Behavioral
Segmentation
Psychographic
Segmentation
Demographic
Segmentation
Step 2
2.0
Identifying
Data Marketing
The Internet-enabled easy attribution of data to individuals resulting in pursuit of single-view-of-customer across 1st and 3rd party platforms and at-scale, but now non-compliant, “segments of one”
Current Non-Compliant Approach Use “Identity Resolution” to Reach Individuals
Step 1
Step 2
3.0
GDPR-Era: Dynamically Abstracted Segment-Based Enrichment
Leverage Variant Twins to create privacy-respectful micro-segments for lawful data sharing & enrichment
Compliant Micro-Segment Approach Use mSegs to Enrich Data Without Using Identifying “Personal Data”
Geographic
Segmentation
Behavioral
Segmentation
Psychographic
Segmentation
Demographic
Segmentation
Step 1
Step 2
 

 

 

Please consider sharing this www.microsegmentation.com webpage with colleagues as we believe that answers to the four questions below, that Anonos asked in its comment letter submitted in response to the ICO's proposed draft Direct Marketing Code of Conduct, are critical for the benefit of society and industry.

 

Four Questions Asked of the ICO:

 

  1. 1. May different legal grounds co-exist to support separate processes comprising lawful direct marketing, or must a single, unitary legal basis be established to support all end-to-end processing steps (e.g., collection, analytics, outreach, etc.) of personal data for direct marketing?

    2.
    Can direct marketing itself serve as the purpose for which data is collected based on consent?

    3. Can the further processing of personal data for direct marketing purposes be based on Legitimate Interests when supported by pseudonymised microsegments to respect and enforce the fundamental rights of data subjects?

  2. 4. Does all profiling necessarily constitute automated decision making?

 

  1. READ ICO COMMENT LETTER
  2.  
  3. In connection with question 3 above, Anonos included in its comment letter to the ICO the following example of direct marketing in practice, Anonos Microsegmentation, in which consent serves as the "centerpiece" of the puzzle, with other "pieces" (including, but not limited to, the Legitimate Interests legal basis) allowing for lawful data processing. 
  4.  
    1. Anonos Microsegmentation in Support of Direct Marketing
  5.  

    Anonos Microsegmentation leverages Anonos’ technology, which transforms digital representations of people - or “Digital Twins” - into privacy-respectful “Variant Twins” of personal data by applying Pseudonymisation-enabled anonymisation techniques.[1] The resulting Variant Twins are use-case-specific, privacy-enhanced versions of Digital Twins. Privacy policies are embedded at the data element level, satisfying statutory and contractual requirements for lawful data use.[2] Variant Twins are ideal for creating  privacy-respectful microsegments that support GDPR-compliant direct marketing, as explained below.

     

    Anonos Microsegmentation – Benefits and Advantages

     

    With Anonos Microsegmentation:

     

    • - Data subjects are presented advertising offers in their capacity as members of small, dynamically-changing subgroups called microsegments. Based on their individual characteristics, data subjects can be included in multiple microsegments. The composition of microsegments changes dynamically, as new or updated data on data subjects results in their movement in or out, corresponding to the specified characteristics associated with the microsegment.

    • - Organisations can reach groups of people represented by microsegments in which they are interested. However, data subjects are approached as members of groups and not as individuals. It is up to each data subject to ‘raise their hand’ if they want to respond to an offer. Crucially, at any time, data subjects can opt out of being included in further outreach based on microsegments.

    • - Compliant direct marketing campaigns can scale at a global level. Microsegmentation is not limited to solving GDPR compliance, as it is able to adapt to changes in data regulation globally. It also supports business objectives based on ethics and trust, completely separate from legal frameworks.

    • - The data supply chain becomes more accountable and transparent.

    • - Technical controls support data minimization and purpose limitation, while reducing the scope of unnecessary data sharing, and alleviating privacy-related risks to data subjects.

    • - Data subject consent serves as the "centerpiece" of the puzzle, with other "pieces" (including, but not limited to, Legitimate Interests as a legal basis) applied in situations where consent doesn’t apply, to allow for lawful processing. This can help to handle the complexity of the processing underlying data use in the direct marketing industry.

    • - A bridge is built between consent-based processing and Legitimate Interests-based processing by leveraging GDPR principles of Pseudonymisation and Data Protection by Design and by Default to technically enforce data access and boundaries.

    • - A win-win combination of technical controls can allow data controllers to process data, prove how they did it, and protect individual privacy rights, while achieving legitimate business objectives in an ethical and lawful manner.

    • - Auditable controls can be embedded into the process. This can allow oversight organisations and auditors to gain demonstrable insight into how processing has been performed, helping data controllers to reflect "demonstrable accountability" and meet GDPR requirements. 

     

    Anonos Microsegmentation powers a new direct marketing data ecosystem into which data subjects opt-in. This helps to meet high regulatory standards for consent by enabling:

    • - Robust user controls;

    • - A compelling user engagement experience; and

    • - Strong technology-enforced privacy controls.

     

    In doing so, Anonos Microsegmentation offers strong incentives for users to consent to data collection for the express purpose of being included in microsegments processed by the system. 

     

    They key to building trust whilst ensuring privacy is to encourage direct marketing models to evolve in ways that provide transparency and leverage technical and organisational safeguards to enforce privacy protection and to secure data subject rights. This opens up the possibility of broader reliance on legal bases such as Legitimate Interest to process personal data for direct marketing purposes. 

     

    Here too, Anonos Microsegmentation can support compliance. Its use of enhanced pseudonymisation, anonymisation techniques, and k-anonymity create strong technical safeguards that support the use of Legitimate Interests as a legal basis by reducing the risk to data subjects’ rights. This risk is reduced to such a degree that the balancing test can be tipped in favor of the data controller, which allows greater flexibility in the processing of personal data for direct marketing. 

     

    Anonos Microsegmentation enables and enforces trust and ethical business practices. In addition, Anonos Microsegmentation can demonstrate to regulators that innovative technologies and new industry approaches can meet the rights and expectations of data subjects while allowing responsible data use.

    • - Anonos Microsegmentation is more privacy respectful and efficient than other approaches to direct marketing.

    • - Anonos Microsegmentation gives organizations access to the same advanced targeting with no decrease in insight accuracy.

    • - Individuals benefit from improved privacy and control over third-party access to and use of identifying information about them. 

     

    A trusted party handles the “last mile”[4] of data subject interaction to ensure that no identifying information about data subjects is revealed, except as specifically authorized by the data subjects. 

    Using their relationship with the trusted party, data subjects can consent to receive relevant ads based on their inclusion in dynamically-changing and privacy-respectful microsegments.

     

    The trusted third party has separately-stored information and secret keys necessary to “re-identify” individuals from within the microsegments for direct marketing purposes (this would be the “additional information” necessary under the GDPR Article 4(5) definition of Pseudonymisation required for authorized re-identification to occur). During processing, all personal data is pseudonymised and organised into privacy-respectful microsegments, and the processor during the microsegmentation process does not have access to the “additional information,” keeping data subject privacy intact.

     

    The trusted party has a direct relationship with data subjects participating in the microsegmentation  system and takes steps necessary to comply with data subject rights under the GDPR, including the following, as applicable:

    • - Article 12 - Transparent information, communication and modalities for the exercise of the rights of the data subject (including disclosure that personal data will be used to create ‘lookalike’ audiences, etc.)
    • - Article 13 - Information to be provided where personal data are collected from the data subject
    • - Article 14 - Information to be provided where personal data have not been obtained from the data subject
    • - Article 15 - Right of access by the data subject
    • - Article 16 - Right to rectification
    • - Article 17 - Right to erasure ('right to be forgotten')
    • - Article 18 - Right to restriction of processing
    • - Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing
    • - Article 20 - Right to data portability
    • - Article 21 - Right to object
    • - Article 22 - Automated individual decision-making, including profiling

     

    Anonos Microsegmentation – The Details


    The following is a more detailed explanation of how microsegments work to preserve privacy and data utility for direct marketing purposes.

    This is accomplished as follows:

    • - A data controller first collects personal data for the express purpose of direct marketing after having obtained GDPR-compliant consent from a data subject with whom they have a direct relationship.

    • - Contemporaneous with obtaining consent, notice is provided of further processing for the express purpose of direct marketing based on Legitimate Interests. This notice describes the intended processing as well as the technical and organisational controls used to mitigate risks to data subjects’ interests and rights.

    • - Collected data is immediately protected through a combination of anonymisation and enhanced pseudonymisation techniques that are applied not only to direct identifiers, but also to indirect identifiers, and in particular, those that are used to specify the schema(s) defining the microsegments.

      • - These techniques are applied in compliance  with GDPR requirements for Pseudonymisation[5] and Data Protection by Design and by Default[6] in accordance with guidelines by the European Union Agency for Cybersecurity (previously, the European Union Agency for Network and Information Security, ENISA).[7]

    • - The resulting privacy-protected “Variant Twins” are then shared by various data controllers with one or more trusted third parties for pooling into a combined dataset comprising large numbers of data subjects and a wide variety of microsegments. Importantly:

      • - Trusted third parties are explicitly and transparently identified as a joint-controller/data processor during the consent and Legitimate Interest(s)s notification processes.

      • - Pseudonyms used by each data controller are unique to their data subjects, and unique between Variant Twins they share with different trusted data partners.

      • - Data controllers hold the “information kept separately” needed to reattribute pseudonymised data to data subjects, but only for their own customers. Trusted third parties are in possession of the information held separately needed to create microsegments comprising data from multiple data controllers, and to do the re-identification necessary to present offers to data subjects on behalf of a party who wants to engage in targeted direct marketing.

    • - Data subjects have the express right to withdraw their consent to receive targeted direct marketing at any time. 

Footnotes:

[1] Pseudonymisation, as newly defined in Article 4(5) of the GDPR, protects against the negative effects of data breaches and prevents profiles from being used for decisions to communicate to an individual without the protections required by effect Data Protection by Design and by Default, as now required under Article 25 of the GDPR. The European Union Agency for Cybersecurity (ENISA) has published two reports since the adoption of the new GDPR definition of Pseudonymisation on best practices for compliant pseudonymisation - in November 2018 and 2019. EDPS Opinion 7/2015 on Meeting the Challenges of Big Data further highlights Pseudonymisation as playing “a role in reducing the impact on the rights of individuals, while at the same time allowing organisations to take advantage of secondary uses of data.”  A document providing a comparison of Anonos Pseudonymisation technology to ENISA published Guidance on Pseudonymisation is available at https://www.anonos.com/enisa-guidelines.

[2] Anonos state-of-the-art Pseudonymisation technology enables lawful repurposing of data while preserving 100% accuracy to maximise data utility by expanding opportunities to ethically process, share and combine data in compliance with evolving data privacy regulations. Additional information about Anonos, BigPrivacy and Variant Twins is available at www.anonos.com

[3] Consent-based data collection and processing does not work in all circumstances - e.g., where processing cannot be described with sufficient detail at the time of data collection. For example, privacy notices may lack clarity, processing may be difficult to define, etc. The GDPR provides for an alternative legal basis for processing - which picks up where consent leaves off - to enable lawful processing in these situations if the requirements for Legitimate Interest processing are satisfied.

[4] The term “last mile” is used in the telecommunications, cable television and Internet industries to refer to the final leg of delivering communications to a retail customer.

[5] See GDPR Article 4(5).

[6] See GDPR Article 25.

[7] See www.anonos.com/ENISAguidelines