Lausanne, Switzerland – October 6^th, 2020

Two leading Swiss providers of privacy and security solutions, Pryv and CYSEC, announce a strategic collaboration focused on integrating their products: the personal data & consent management middleware Pryv.io and the confidential computing solution ARCA from CYSEC. The two Swiss trust-tech companies are jointly pursuing strategic opportunities as part of their growth strategies.

Businesses operating in highly regulated markets such as healthcare, insurtech, mobility and fintech collect, use, and store sensitive personal data at scale. They must therefore adopt the highest privacy and security standards to ensure that data remains protected throughout the full lifecycle and across all three states of data: data at rest, in transit and in use. The need for secure data management has spawned a new era of data protection and privacy regulation and practices including: GDPR; Swiss DPA; CCPA, PIPEDA. And more stringent regulation will follow.

Organizations face regulatory constraints at many stages of software design and must make decisions on how best to manage access control rights, provide data auditing capabilities and store / host data.  As more organisations and entire industries embrace the collection of personal data and its processing, they too will become subject to highly stringent regulations.

While the collection and use of personal data has become increasingly mainstream, only few organisations have invested in reliable data management and storage solutions that provide the necessary security and privacy. Most organisations remain without protection. The risk is not only a potential fine of 20M EUR or more, but also losing the trust of users. Once lost, user trust and an organisations reputation are very hard to regain. To avoid this, it is imperative to work with the right privacy and security tools.

The Pryv.io Personal Data & Privacy Management Software allows businesses to build digital solutions that can collect, store, share and rightfully use personal data. It comes with must-have consent and auditing tools to keep the clients compliant with existing and forthcoming regulations.

The ARCA solution leverages certified hardware to secure data in use, enabling sensitive data to be processed inside a trusted execution environment. In this way, data can be processed without exposing it to the rest of the system, reducing exposure of sensitive data and providing greater control and transparency for users. Its main advantage is the ease of integration as it is compatible with modern virtualization tools that software developers use, including Docker, Kubernetes, VMWare. The solution can be deployed in centralized, decentralized and distributed architectures.

Pierre-Mikael Legris, CEO at Pryv SA said: “By combining ARCA and Pryv.io, companies will blend best of breed security and privacy- by-design technologies for their backend and enhance trust for their customers.”

Florian Wiedmann, Secure Analytics Manager at CYSEC commented: “Organisations looking to comply with increasingly stringent data regulation require a one-stop solution for all their data security and management needs. Teaming up with Pryv will allow us to achieve this goal: A solution that offers both security and critical data management tools to allow organisations to achieve compliance easily.”

Trust is critical for companies that manage personal data. Combining ARCA’s security and Pryv.io’s privacy by design technology provide a robust, secure and consent-based backend to achieve trust. The integration of Pryv.io and ARCA provides businesses with an easy to deploy solution to collect, structure, share, use and store personal and sensitive data without compromising on security and compliance. ARCA and Pryv.io are further integrated with TAK by Build38.

About Pryv

Pryv makes essential software for data-driven healthcare innovation. Our purpose-built middleware helps organizations manage personal data from creation to use, sharing and disposal. We accelerate time to market, cut IT development costs and speed up connectivity to all data sources. Pryv addresses the enhanced citizen’s right under GDPR and turns privacy compliance into a competitive advantage. For more information, please visit pryv.gihub.io/www

About CYSEC

CYSEC SA is a cybersecurity company based at the EPFL Innovation Park in Lausanne, Switzerland, whose mission is to shorten the time-to-market of innovative services by facilitating their integration into a secured IT environment. To achieve its mission, CYSEC developed a general-purpose security platform called ARCA able to store data and execute applications in a Trusted Environment. By lowering down the barriers to protect data and software, CYSEC enables its customers to benefit from a whole new level of flexibility and agility which is a game-changer today considering the fast-pace at which security and business requirements evolve. CYSEC focuses on the provision of its cybersecurity solutions in four vertical sectors, namely financial services, IoT, space and telecoms. For more information, please visit www.cysec.systems

  Media Contacts

CYSEC SA

Florian Wiedmann

Secure Analytics Manager

florian.wiedmann@cysec.systems

Pryv SA

Evelina Georgieva

CBDO & Co-founder

The post Pryv and CYSEC launch an integrated solution for collection and confidential computing of personal data at scale appeared first on Pryv.

Once upon a time we used to think of banking as private safes and white collars. Today, it is certainly one of the most promising areas for data-driven innovation. Each time a user pays online, it leaves behind a digital trail of information, allowing for infinite data-fueled possibilities. Yet just like banknotes, personal financial data needs to be kept safely. This means in this case: in compliance with the GDPR, Swiss DPA or any other relevant data protection regulation. 

Open Banking: Mastering privacy & consent  to unlock the personal data superpower

The growth of personal data usage is exponential and affects almost any industry. On one side of this growth, there are the users who keep calling for more on-click personalised offerings and “fluidity” of data transfer. On the other, businesses that are striving to deliver on these demands in the best possible way. Some of these businesses, however, are just kicking off in the personal data economy services accessing. This has been core for the banks and financial industries.

Banks online & payments: guardians of trust

While the pandemic casted a harsh light on the notion of personal data collection and privacy respect, it also further strengthened the boost towards contactless and online paying services. Unlike other industries operating with personal data, the banking industry is fortunate to be one step ahead when it comes to trust: people trust banks and other financial entities to safeguard their personal data more than other organizations. Perhaps for this reason, digital banks and mobile financial applications have been growing like weeds in the past few years; trust being the “magic” seed of their super-fast expansion.

« Bank 4.0: banking everywhere. Never at a bank »

As banking services are being digitized, paying cash is becoming a thing of the past. Twint, Revolut and other “one-click” solutions are becoming the new way to pay for anything, anywhere. And online banking apps are the new go-to for managing bank accounts anytime, “stay home”-compliant and safe. So, if banks were long seen as closed physical places with thick walls and locked doors, they are now becoming prime actors of the rising personal data economy. A rise reinforced by the recent introduction of Open Banking: a practice that provides third-party service providers open access to consumer banking transactions and financial data through the use of application programming interfaces (APIs).

Open Banking Poker Face: Superhero or Supervillain?

Open banking introduces a new paradigm that opens up many business opportunities. Whereas initially seen as a way to enable exchanges between financial institutions, it is now spreading faster and even beyond expectations. Unforeseen personal data offerings in a cross-industry corporation arise indeed when personal and financial data is derived and aggregated. And in a world where everything can be bought a click away, derived applications are endless. 

Applications, “Sur-mesure”.

Just to mention a few, service providers already suggest personalized offerings based on correlating financial and personal data, like targeted budgets for monthly shopping, savings and loans. Thanks to the data collected through open banking, the app can be made perfect for any user: depending on the stage of your life whether you are a student, a parent, buying property or planning retirement, it will provide you with an offer which suits you best.

Privacy-first (un)locks Open Banking

Still, if Open banking is great for business, it is also referred to as a nightmare when it comes to privacy. Especially, the system raises questions as regards to the privacy of the users whose data is being shared: do they understand what their data is being used for? Are they given the opportunity to give explicit consent as required by the GDPR? To ensure that open banking will benefit the users and not foster discrimination, strong safeguards have to be put in place.

Solution: Beyond secrecy, use Pryv.io personal data and consent management solution to enhance your users privacy.

“Personal data aggregation, sharing and processing should be as effective, secure and trustworthy as online banking.” – Pryv

If one could argue that not sharing any data would be the best solution to ensure users privacy, we beg to disagree: Privacy doesn’t have to be only secrecy. At Pryv, we envision a world where privacy is the ability to share personal data with awareness, trust and control.

“Giving explicit consent to collect and share personal data has per core requirement that users understand which data we are talking about. Trust comes with the ability to check the content of these data and the exchanges between all parties. Like banks that provide detailed reports of all transactions in time, classified in bank accounts” – Pierre-Mikael Legris, CEO of Pryv

Enhancing trust requires rethinking consent. In this new paradigm, privacy is not a compliance tick box but an opportunity to break data silos, differentiate products and services, and attract end-users with trust, transparency and empowerment.

“Pryv.io data model provides all data in “time series” contextualised and classified in streams. It is designed to provide the same readability and transparency as your bank report. So anyone could make decisions and check its execution with a minimum of effort.”

Beat the “get-user-consent” fear: start managing your users’ data exactly as the bank manages your money! Learn more about how Pryv.io can help you win users’ trust by collecting and using their personal data rightly.

Yours,
Stephanie & Evelina

Additional Sources:

• https://fintechnews.ch/open-banking/open-banking-in-switzerland-an-overview/32199/
• https://www.finextra.com/blogposting/19282/the-value-that-open-banking-brings-to-each-market-player
• https://medium.com/@nordigen/5-future-open-banking-use-cases-e5168c233bff
• https://tarabutgateway.com/open-banking-use-cases-beyond-banking/
• https://www.linkedin.com/pulse/data-governance-what-truly-means-manage-asset-julien-tagnon

The post Open Banking: Mastering privacy & consent  to unlock the personal data superpower appeared first on Pryv.

Privacy and data monetization are often seen as two antagonistic concepts. While the privacy-respect represents something that costs time, resources and money, the data monetization on the contrary, is what allows you to bring money in. Thus, when thinking about a successful strategy for bringing economic value to personal data, most companies only think of this data as an asset, and tend to forget about their responsibility.

Yet, with regards to privacy and data protection regulations, personal data is certainly more a company’s liability: a duty to comply with a large number of obligations. But what if you could turn these obligations into an opportunity for your company?

Challenges of rightfully monetizing personal data

Data Monetization is a top priority for any company who makes it its business to collect personal data – if you want to keep your business afloat, you have to generate money. That’s clear.

Yet, at an age dominated by the freeware business model, thinking of a way to bring economic value to this data while respecting users’ privacy is a real challenge, many would say: how to motivate your users to pay for a service they can have for free elsewhere? Or if free, how to make profits without (unethically) selling their personal data?

If it became obvious that selling raw personal data is a very profitable business, there are actually a lot of other ways for companies to monetize their data.

First, you can use it to reduce your costs and enhance your overall business efficiency. Second, you can use it to keep generating more money: not a surprise, but how to do that with respect to users’ privacy rights? Usually, it is there that the conflict between money and privacy arises.

Using Data Privacy to enhance Data Monetization

The thing is, reducing data to money will often blind you about its infinite possibilities. In fact, chances are: starting by addressing data privacy issues will even help you enhance your data monetization strategy. Why is that?

As a first step, you need to realize that just like money, data continuously flows in and out of organisations. And how do you make more money with your actual money? By selling more of your products and services? Sure. But mostly, by having a clear picture of how money runs into your organisation and acting smartly on it.

In a similar way, having a clear picture of your data economy will allow you to be smart about it. You might think of it as an extra task that you don’t want to put your efforts into. But actually, it will demand nothing more that you already have to do: as sorting your personal data lifecycle is the core part of building your data privacy strategy (which you will have to do to comply with data protection regulations like GDPR).

So, just like you can turn your GDPR consent-requirements into an opportunity to build trust with your customers and grow your business, you can turn your data privacy obligations as an opportunity to find new ways to efficiently monetize the personal data you collect, enabling you to solve two problems at once.

So far, so good. But how to build an efficient privacy-preserving data management solution that allows you to meet both your privacy requirements and data monetization goals?

Here is our solution: Pryv.io – a ready-to-use Personal Data Management Platform as foundation to build a compliant, scalable and successful business model

Pryv.io is a personal data management solution that allows companies to rightfully collect, store, share and use personal and health data. We make personal data aggregation, sharing and processing as effective, secure and trustworthy as online banking.

Built to help companies achieve GDPR and HIPPA compliance, Pryv’s solution addresses all the data privacy requirements that you need to stay ahead of existing and forthcoming regulations, but also provides you with a data model precisely designed to aggregate and distribute multiple sources of information.

As we understand the value of combining a robust amount of data and diverse datasets is essential for providing personalized offerings, we wanted to provide companies with a way to do it efficiently and compliantly: we thus designed a data structure that is easy to understand and work with. Data pooling and data aggregation are among the best Pryv.io’s capabilities.

Our solution is customer- and data-centric, which allows any company or startup to have a clear understanding of its data economy – Everything you need to build a strong and ethical data monetization strategy, while being compliant to the most stringent regulations.

The best part? You can already install it, today, for free: Check it out

Open Pryv.io is available in open-source: free, full production, easy-to-install.

Stephanie & Evelina @ Pryv

The post Data Monetization: how to profit from rightfully managing personal data appeared first on Pryv.

TLM Solutions and Pryv partner in Canada to optimize personal data management in new eHealth applications: A ready-to-use solution to meet international privacy standards and a team of recognized data privacy experts fostering healthcare innovation.

The post TLM Solutions and Pryv partner in Canada to optimize personal data management appeared first on Pryv.

*This is a living document that will be updated on a regular basis.

GDPR: remaining within the rules.

The European Data Protection Board (EDPB) says that it is possible to adapt to the situation while remaining within the rules.

“Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic,” says EDPB chair Andrea Jelinek.

“However, I would like to underline that, even in these exceptional times, the data controller must ensure the protection of the personal data of the data subjects. Therefore, a number of considerations should be taken into account to guarantee the lawful processing of personal data.”

Consent and Data Collection

Data Protection Authorities all agree: only essential information should be collected. 

So, only in case that it’s necessary for public health reasons, public health authorities and employers can process personal data without having the consent of the concerned individuals.

If the concept might be simple in theory, it leaves organisations with a lot of questions and challenges to solve. To provide guidance on the subject, International Law Firm White & Case has set out “an overview of some of the key issues for organisations to consider during this crisis, from an EU data protection compliance perspective”.

Mobile location data

« For the processing of electronic communication data, such as mobile location data, additional rules apply. The national laws implementing the ePrivacy Directive provide for the principle that the location data can only be used by the operator when they are made anonymous, or with the consent of the individuals. » 

« When it is not possible to only process anonymous data, Art. 15 of the ePrivacy Directive enables the member states to introduce legislative measures pursuing national security and public security *. This emergency legislation is possible under the condition that it constitutes a necessary, appropriate and proportionate measure within a democratic society. If such measures are introduced, a Member State is obliged to put in place adequate safeguards, such as granting individuals the right to judicial remedy. »

European Commission’s Recommendation on apps for contact tracing, published on 8 April and setting out the process towards a common EU toolbox for the use of technology and data to combat and exit from the COVID-19 crisis

Andrea Jelinek, Chair of the EDPB, said: “The EDPB welcomes the Commission’s initiative to develop a pan-European and coordinated approach as this will help to ensure the same level of data protection for every European citizen, regardless of where he or she lives.”

Letter concerning the European Commission’s draft Guidance on apps supporting the fight against the COVID-19 pandemic

In its letter, the EDPB specifically addresses the use of apps for the contact tracing and warning functionality, because this is where increased attention must be paid in order to minimise interferences with private life while still allowing data processing with the goal of preserving public health.

MDR: Postponed. 

Parliament adopted the European Commission proposal, allowing the application of the Medical Devices Regulation to be postponed by one year until 26 May 2021.

«This postponement will take the pressure off national authorities, notified bodies, manufacturers and other actors so they can focus fully on urgent priorities related to the coronavirus crisis.

Vice-President for Promoting our European Way of Life, Margaritis Schinas, said: “Shortages or delays in getting key medical devices certified and on the market are not an option right now. The Commission is therefore taking a pragmatic approach and delaying the entry into application of new EU rules on medical devices, so we can have our medical industries pouring all their energy into what we need them to be doing: helping fight the pandemic. This shows once again that the European Union is leaving no stone unturned in our support to national public health systems in their hour of need.”

Sources: https://www.europarl.europa.eu/news/en/press-room/20200415IPR77113/parliament-decides-to-postpone-new-requirements-for-medical-devices

Switzerland: The principles of the Federal Act on Data Protection, must be respected.

The authorities, in cooperation with health institutions, are doing everything possible to stem the rapid spread of the coronavirus. Insofar as private individuals (in particular employers) process personal data to combat the pandemic, the principles set out in Article 4 of the Federal Act on Data Protection must be respected.

Source:

https://www.edoeb.admin.ch/edoeb/en/home/latest-news/aktuell_news.html

France: CNIL Recalls Data Protection Rules in the Context of the COVID-19 Outbreak

The French Data Protection Authority (the “CNIL”) issued guidance which outlines some of the principles relating to personal data processing. 

The Guidance stresses that employers may not implement measures to fight against the coronavirus pandemic that would infringe on employees’ or visitors’ right to privacy, especially by collecting personal health data that would go beyond what is necessary to determine potential exposure to the virus. 

Source: https://www.huntonprivacyblog.com/2020/03/20/cnil-recalls-data-protection-rules-in-the-context-of-the-covid-19-outbreak/

Germany: A solid framework for privacy and health innovation

German Authorities Issue Guidance Related to Coronavirus.

Germany is among a few countries that have already set-up the scene for effective promotion of remote patient monitoring and digital health adoption. Digital Health Innovators can apply for the DiGA “Fast Track” and have their solutions reimbursed and prescribed by physicians. 

« The Health Innovation Hub, established by Germany’s Ministry of Health, published a list of trusted telemedicine services. Most of these are available for free, towards which citizens can turn during the pandemic. » 

Sources:

https://hih-2025.de/here-to-stay-digital-health-in-times-of-covid-19-a-german-deep-dive/

https://www.datenschutz-mv.de/datenschutz/publikationen/Corona/

https://www.insideprivacy.com/covid-19/german-authorities-issue-guidance-related-to-coronavirus/

https://www.bfdi.bund.de/DE/Datenschutz/Themen/Gesundheit_Soziales/GesundheitSozialesArtikel/Datenschutz-in-Corona-Pandemie.html?nn=5217154

https://medicalfuturist.com/how-germany-leveraged-digital-health-to-combat-covid-19/

UK: marks a shift in its privacy policy on patient data collection and usage 

The National Health Service in England has sent out a document that marks a shift in its policy on patient data. It mentions the use of data to understand trends in the spread and impact of the virus and “and the management of patients with or at risk of Covid-19 including: locating, contacting, screening, flagging and monitoring such patients”.

In this regard, the UK Information Commissioner’s Office (ICO) also published “a handy guide to what you need to know about data protection during the pandemic” that specifically addresses the concerns of healthcare organisations and professionals.

Sources: https://www.gov.uk/government/publications/coronavirus-covid-19-notification-of-data-controllers-to-share-information

https://www.bbc.com/news/technology-52135916

Globally: A closer look at privacy updates during pandemic, at a glance

The latest guidance and information from The Global Privacy Assembly (GPA members) and observers on data protection and COVID-19 can be find in the source below:

Source: https://globalprivacyassembly.org/covid19/

The post Privacy and Health Regulation updates during Covid-19: Must-know updates appeared first on Pryv.