Evelina Georgieva, Pryv: “investing in data privacy is not only about fulfilling a requirement to achieve compliance”

Today, everyone leaves a digital footprint on the Internet. Whether it’s when you visit a daily newspaper website or when you make online banking transactions. Unfortunately, not all companies put their primary focus on data privacy and that leaves enormous amounts of sensitive information at risk.

It’s essential that businesses would start seeing data privacy as an essential part of building trust and brand reputation rather than a tick-box to achieve compliance. 

So Cybernews invited Evelina Georgieva, the Co-Founder and Business Development Officer at Pryv, to discuss about modern personal data management solutions and how they can empower forward-looking companies.

How did the idea of Pryv originate? What has your journey been like?

Pryv is a blend of ideas initiated more than 10 years ago. While overcoming leukemia, Pierre-Mikael got inspired to develop a solution that will empower patients to stay away from the hospital but still receive crucial monitoring and care remotely. At the same time, Frederic was eager to create a B2C digital place, Facebook-like but with privacy at focus to empower users to master their data sharing and protect their data ownership rights. Simon brought his digital ethics and privacy vision. I (Evelina) joined them when we pivoted from the B2C concept to create Pryv B2B as you know it today: a trusted software vendor of privacy and personal data management solutions. 

Can you introduce us to your personal data management software? What are its key features?

We help organizations manage personal data from creation to use, sharing and disposal. Following the privacy engineering approach, we support our client’s IT teams to ensure that their data privacy compliance is done right: from the very early architecture design to the introduction of data-driven business models. We help them not only accelerate time to market but also cut IT development costs and speed up data utility and scalability across legal jurisdictions, such as the GDPR and industry-specific regulations.

Since 2015, we license our Pryv.io software which is used as a solid foundation to boost the development efforts of “integrated teams” of IT engineers, legal and business experts. The Pryv.io middleware acts as a “plumbing system” which ensures their digital platform has its best chances to engage customers and drive business values – covering the entire data lifecycle and the data privacy aspects.

Among the bestseller features are the dynamic consent, extensible data model, decentralized storage for scalability, and data mapping for automatic integration with existing warehouses.

In your opinion, what data privacy issues should more people be concerned about?

It is yet not clear enough that privacy and security are different. Unlike security, which nowadays is well understood by almost anyone, data privacy is still unclear. Privacy can be translated in different ways and have different meanings. While some will correlate it with limiting access to data, others, like us at Pryv, will look at data privacy as a tool to unlock data values. For us, privacy is not secrecy, but the ability of individuals to use their data, act on their rights and give informed consent for the rightful processing of this data. Thus, each stakeholder can win more from the unlimited power that personal and contextualized data can bring.

My message to the users will be first to decide what privacy means to them and then take decisions and measure risks versus opportunities.

How do you think the recent global events affected your field of work?

The effect of the Covid pandemic, the growing power of information war, the upscaling Digital Democracy, and the rapidly changing Data Protection Regulations on a global scale, just to name a few, have been undoubtedly an eye-opening momentum for any forward-looking business. It became apparent that investing in data privacy is not only about fulfilling a requirement to achieve compliance but an imperative to build trust, protect brand reputation, and develop new revenue streams. 

Some experts believe that keeping up to date with data privacy trends and requirements could even be the selling point for customers. Can you share some tips for businesses looking to update their privacy policy? 

We believe that personal data aggregation, sharing, and processing should be as effective, secure, and trustworthy as online banking. This is a must-have to empower the user to understand the value of the data, how to manage and control it, and promote trust and engagement. 

In this new paradigm, privacy is not a compliance tick-box but an opportunity to break data silos, differentiate products, and services and attract end-users with trust, transparency, and empowerment. 

We advise our customers to embed privacy-DNA in any process of their organizations, early in the development phase, ensure cross-functional team and privacy-engineering capabilities and thus guarantee they can deliver competitive user-attracting services and open up new horizons for achieving high ROI in a short period and overtime.

What dangers can customers be exposed to if a company they trust struggles to ensure compliance? 

Besides the obvious non-compliance and loss of brand reputation and trust, for many businesses, a data protection breach will mean a loss of business that could be as strong as pushing the business to bankruptcy.

For users, understanding the trusted brand lacks privacy compliance might result in disappointment and disengagement, as well as pushing the individuals to act on their data rights (where is my data stored, prove me you have my consent and what so for, provide an audit on the data interactions, etc.) Incapacity to deliver will again result in impressively huge fines and serious business consequences.  

What are some of the worst mistakes companies tend to make when it comes to handling large amounts of customer data?

The biggest mistakes in my opinion are the following:

• Undervaluing the importance and impact data privacy has on their business
• Misunderstanding the data privacy principles
• Non-differentiating data privacy and security
• Not being able to identify data categories correctly
• Lacking efficient data governance strategy
• Implementing “bolt-on” patching solutions
• Missing the right team expertise

Talking about individuals, what actions should average Internet users take to protect their personal data online? 

Before taking action, we advise users to be informed about the data privacy rights they have and then to act on them. 

Share with us, what’s next for Pryv?  

We have recently introduced a powerful extension of our services by teaming up with OpenWT. As part of Pryv corporate development and pivotal time of growth, Pryv continues its full operations, focused on delivering licenses of its proprietary Pryv.io software, while data privacy consultancy services will be carried out by the OpenWT Data Privacy Excellence Practice.

About Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives. The CyberNews Investigation team uses white-hat hacking techniques to find and safely disclose cybersecurity threats and vulnerabilities across the online world. Leaks of users’ personal information? Security flaws in enterprises? Exchanges of sensitive data on the dark web? They’re on it. The CyberNews Editorial team provides cybersecurity-related news, analysis, and opinions by industry insiders. They are working independently and transparently following our Editorial guidelines.

The post Evelina Georgieva, Pryv: “investing in data privacy is not only about fulfilling a requirement to achieve compliance” appeared first on Pryv.

Pryv.io Personal Data Mapping to enable automatic integration with existing warehouses.

Integrate existing data warehouses with Pryv.io privacy back-end:

• Make legacy systems (warehouses) easy to integrate with new external systems within a privacy-compliant environment. 
• Significantly reduce time and errors managing data-subject requests.

Pryv developed and commercialized a privacy-by-design middleware system that provides full, innovative personal data life cycle management. This technology allows for privacy compliance, interoperability and data sharing to a granular-level, using transparent, unambiguous enforcement of consent applied on a data set.

Pryv.io Data Mapping provides companies with existing data warehouses the means to adopt faster innovation, integrate real-world personal data and build better personalised services, all within a transparent and privacy-compliant environment. 

Existing systems usually face major hurdles integrating with external solutions with the synchronisation of very big datasets and the transfer and storage of multiple copies of sensitive data. Pryv.io Data Mapping allows:

• to benefit from the capacity of privacy-by-design models;
• map dynamically existing datasets in a transparent and unambiguous form, presented to an individual for his enlightened consent;
• unlock the capacity to offer privacy on legacy datasets.  

Request A Presentation

Current status for managing data-subject requests on personal data access and processing by systems without privacy-by-design architecture:

Today, initiating a NEW data processing in organizations with legacy systems involves time consuming processing for the Data Protection Officer (DPO) to scope the necessary datasets, collect consents and verify compliance with applicable regulations. Furthermore, it requires manual intervention of technicians to extract datasets. Multi-employees interaction and manual processes are prolonged, lack efficiency and generate errors. Such processes would not be acceptable in the short-mid term. Investments in innovation and automation must be considered. (Pic. 1)

Managing data-subject requests on personal data access and processing by implementing Privacy-by-design solutions 

Privacy-by-design solutions digitalize consent collection and offer effective control over the personal data life cycle. Pryv.io provides a privacy-by-design framework to interact with personal data. This framework only operates on data it controls. (Pic.2) Still, this solution requires the data to be fully copied and synchronized from/with the legacy system. This process is not optimal for large data warehouses, data lakes and highly dynamic data sets.

Pic.2 Managing data-subject requests on personal data access and processing by implementing Privacy-by-design solutions

Solution: Personal Data Mapping to enable automatic integration with existing warehouse for managing data-subject requests on personal data access and processing

To meet the needs of mapping large data warehouses, data lakes and highly dynamic data sets, Pryv has developed a new technology that maps dynamically existing datasets in a transparent and unambiguous form to be presented to an individual for his enlightened consent.  

“Unlocking the capacity to offer privacy on legacy datasets allows us to provide our services to a much broader set of companies handling personal data, which is important since the older ones are more in need of an up-to-date system regarding privacy regulations.” says Pierre-Mikael Legris, CEO and co-founder of Pryv SA.

Privacy-by-design solutions digitalize consent collection and offer effective control over personal data life cycle. Pryv.io provides a privacy-by-design framework to interact with personal data. To operate, this framework must stand as a “gateway” to interact with personal data. Including Dynamic Mapping. On Existing Datasets allows to benefit from privacy by design for new over existing data sets. (Pic.3)

Pic.3 Personal Data Mapping to enable automatic integration with existing warehouse for managing data-subject requests on personal data access and processing

To learn more about how Pryv.io Dynamic Data Mapping will resolve your personal data management needs and facilitate automatic integration of personal data mapping with your existing warehouses contact us at: https://github.com/pryv

For more features by Pryv.io, visit: https://pryv.github.io/www/tag/features/

Developer resources: https://pryv.github.io/

Commercial applications: https://pryv.github.io/www/news-list/

The post Pryv.io Personal Data Mapping to enable automatic integration with existing warehouses appeared first on Pryv.

Technology made it possible to have the world at a fingerprint. As a result, every day, millions of users leave their marks in the digital world, making it possible for companies to frame them into predictive, insightful “little boxes”. The question of whether it is for good or not will depend on how they will use this information. Is our personal information treated and used with ethics? Beyond what the law says, personal data and privacy regulations such as the GDPR or CCPA, we all have an inner sense of what is right and what is wrong. Digital Ethics is something that we all wish to believe in, but few know about it.

The Loud Silence of Digital Ethics  in personal data mobile apps

Futurists foresee a world where everything would be technology-enabled. Some even picture it as the perfect utopia. A world where criminals would be caught before they even act. Where patients would be cured before they get sick. And where everyone would find love. A world governed by justice, health and ideal match. A perfect world… or maybe not?

While striving for this world, the line between right and wrong became blurred. And all of a sudden, what was supposed to turn into a dream ended up reflecting an alternative nightmare: a world that could be governed by “secret” mass surveillance, biased algorithms, and companies leveraging personal and health data to increase their profits; convincing themselves that they are, ultimately, doing it for the “greater good”. Does the end justify the means though?

Much has been said about technology enhancement, the power of personal data in enabling personalized services, offering, care and treatment. Unevenly, opening-up the Digital Ethics Pandora box is a taboo. Without any further delay, now may be the time.

The road to hell is paved with good intentions.

It always starts with a good idea. “Make the world a better place”. “Save the world”. Yet most of the time, without a strong ethic to frame it, even ideas that started with a “don’t be evil” mantra are doomed to perdition. Almost everyone has lost faith in the very notion of privacy. Trust needs restoring. As being “data plumbers” at Pryv, we see it a lot happening with personal data collected via mobile applications. Inspired to make a big change, however, innovators often lose themselves in what is right and what is not. It is not that the technology or the idea behind it is necessarily bad in itself. But like everything, if you don’t know your limits, you will eventually end up beyond them.

Despite often being hidden behind numbers, personal data can reveal a lot about individuals. What people eat, where they go, who they love. In a perfect world, these data would be used to suggest the perfect restaurant, optimize transportation, pay for what you use, not more and save us from a life of loneliness. In today’s world though, this same data can equally be used to escalate insurance pricing, enact citizens’ surveillance, and manipulate thoughts and behaviours on command. And without the enforcement of a strong ethics to surround personal data collection, this might just become our permanent future.

The Yin & Yang in Digital Ethics.

We can envision two mirroring worlds where the border line is Digital Ethics. On one side, being mindful of what is right can open up a world where we will all be doing well, healthier people and happier insurers, empowered citizens and fairer judges. Or, on the mirroring side where the code of digital ethics is not respected, we can end up in a world where we are all prisoners of our own digital twin. A world governed by fear, predictability and surveillance capitalism.

So which one is it going to be? At Pryv, we envision a world where Privacy is the norm. And while it is true that we cannot control the future, we are still empowered to make decisions today that can allow for better privacy tomorrow. In fact, it is that simple: it is a matter of choice to do it; nothing more, nothing less. Let’s build a world where treating users with respect will pay back: so be transparent, consent-centric, restore trust and build meaningful relationships with your users. 

Since 2012, at Pryv, we deliver businesses a solution to empower them building trustful long-lasting relationships with their users, manage personal and sensitive data rightfully, being confident in processing, but not « shy » for asking for more. More data brings more insights and we are all willing to share more when we trust. 

The first step is always the hardest, but we got your hand:

Privacy-first Digital Ethics Handbook.

1. 1. Respect the moral principles: apply the “do no harm” principle to personal data.
   2. Establish norms dedicated to ensure that the autonomy and dignity of users is respected: Provide your development team with the tools to implement it “rightly”.
   3. Allow your users to shape the debate and make informed choices.

The Personal Data Economy is Raising! We are offered a lot, but we have lost the essentials. Be that service provider that is there to last. Respect Digital Ethics, Develop privacy-first. 

Yours,

Stephanie & Evelina

“Personal data aggregation, sharing and processing should be as effective, secure and trustworthy as online banking. In this new paradigm, privacy is not a compliance tick box but an opportunity to break data silos, differentiate products and services, and attract end-users with trust, transparency and empowerment.” Pryv 

Additional Sources:

• https://www.accenture.com/_acnmedia/PDF-24/Accenture-Universal-Principles-Data-Ethics.pdf
• https://www.accenture.com/_acnmedia/PDF-22/Accenture-Data-Ethics-POV-WEB.pdf

The post The Loud Silence of Digital Ethics  in personal data mobile apps appeared first on Pryv.

Open Pryv.io software ready-to-go on Exoscale marketplace, allowing you to deploy Open Pryv instantaneously with minimal start-up configuration.

The privacy-minded IaaS platform Exoscale now includes Open Pryv.io on its marketplace,  among its collection of solution templates, services and components to boost productivity and strengthen application development.

Simple, free, and ready-to-use solution engineered to create and scale privacy-compliant products, services and experiences based on personal data. Companies willing to use Open Pryv.io can now do so by launching their platform in a breeze on Exoscale, and benefit from the powerful and high-performance European cloud service.

The Pryv and Exoscale partnership points out the way towards privacy-by-design as a critical tool to achieve compliance at all times, and become game-changers in proper data ownership. 

Through this partnership, the Exoscale cloud platform positions itself as a key enabler for personal data collection being done right from day one by developers, and strives to build a world where privacy would be the norm – and not the exception as it is today.

Building on Pryv.io ensures you secure access and compliant management of personal data today. Now launched in seconds with Exoscale.

About Exoscale: https://www.exoscale.com/

Exoscale is a European cloud platform that is both powerful and enjoyable to use. It offers services and on-demand resources that developers could use easily to test things out and build cloud native applications.

Exoscale allows developers to start virtual machines in seconds, store petabytes of data and easily integrate your on-premises or multi-cloud deployment.

About Pryv: pryv.gihub.io/www

Open Pryv.io is a free and scalable personal data lifecycle management platform specifically engineered to empower developers to rapidly create and scale breakthrough GDPR and HIPAA compliant products, services, and experiences. 

Based on years of tests & analysis, the software has been developed to accommodate rapid integration. Businesses in highly regulated markets, such as the healthcare industry, can benefit from using Pryv.io to manage personal data in a compliant way for the development of scalable personalized products.

The post Pryv.io Open Source Solution now available on Exoscale Cloud Platform appeared first on Pryv.

Enlightenment in Delusion

The trust in the Internet has been lost. Yet we use technology more than ever before. Every single day, millions of applications are being downloaded and fed by personal data. Whoever knows what it is being used for. We have been promised to be protected. We have heard “privacy-by-design” many times now, but have we understood it? Probably we did not. As we are still being deceived-by-design by many applications.

Yet things are supposed to have changed. “Businesses took actions”, we wish to believe… And some of them really did. The problem, however, is that we see the majority of companies only partially resolving the personal data management and privacy compliance challenges. Whereas according to the GDPR, privacy should be embedded in every aspect of personal data collecting apps. Starting from the very beginning of establishing the relationship between the two parties, through the part that is visible for the users: the UI.

The Beauty and the Beast in UI: Privacy-by-design or Deceived-by-design?

UI Design is a big part of today’s software applications. More than a pretty look, it is what allows companies to interact with their users and guide them through their app. In terms of compliance, it is also what allows them to ask for users’ consent and provide their users with the means to execute their rights to privacy. Which is why companies should be careful not to include marketing practices that go against privacy requirements when building their designs.

Still, while we often speak about user-experience and user-engagement, we rarely discuss the “dark patterns”: the tricks used in UI designs to make users do things online that they would normally not do. Have you ever heard about them?

Dark patterns are the tricks that make you:

…Consent to things that you are not even aware of.

…Share more information about you that you really want to, an action that became popular as “Privacy Zuckering”.

…Pay for things you didn’t even want to buy in the first place.

Dark Patterns Examples

Whichever it is, it is highly probable that you have been deceived-by-design many times already. The problem is: while UI design can be used to nudge people into making the best choices for themselves, it can also be used to deceive them into sharing more of their personal data than they would usually like to. But what is the “right” choice for the user?

Nudging users into making the « right » decisions

If personal data collecting apps aren’t easy to implement in terms of compliance, they certainly aren’t easy to design in this regard as well. Practically: how to strike the right balance between best marketing practices and data privacy regulations?

When persuasion becomes manipulation.

While the GDPR poses legal frontiers to nudge companies into making the “right” choice for their users, recent studies show that they still have a hard time going against their own business interest especially at a time when data brokerage shows to be a particularly profitable business. Yet, there are other ways to monetize personal data, and even based on a privacy-approach.

Some pathways and actions are more enticing than others. Of course, it can be fun to use gamification techniques to make an App more appealing and increase users’ engagement, but some lines shouldn’t be crossed. Especially when speaking of mobile health applications. For example, mental health-websites that sell personal data, such as the results of depression tests, to 3rd parties – such as the case with Doctissimo.

Is it game over? Take it to the next level: Dark Patterns for good

Light the way. Dark patterns might be properly used. We have seen  typical ‘dark’ patterns, being used for the right reasons, for example in Open Banking. Ethically Evil: how to use dark patterns for good 

So, the question remains: how to strike the right balance between best marketing practices and data privacy regulations?

It is all about a shift in Mindset: Achieving privacy should not be seen as a problem, but rather as the goal. So Make trust your first priority! And next time you need to implement a new design for your app, start with “what” not “why”, and ask yourself: what is the goal of this application and how to ensure privacy-by-design, turning it into your winning ticket? You’ll be surprised what you can come up with!

Welcome to Privacy-as-a-State-of-Mind: We had a hand in. 

For us at Pryv, achieving privacy is not about resolving compliance, it is the goal: privacy as a norm. As a back-end privacy provider, we can certainly help businesses collecting personal data to embed privacy into their systems, ensuring that the data they are collecting is consented rightly, managed and stored, compliantly. Yet, this is just one side of the coin. Companies have to meet us halfway to build a fully privacy-by-design, compliant solution.

https://pryv.github.io/www

pryv.github.io

github.com/pryv/open-pryv.io

Yours,

Evelina & Stephanie

Sources:

https://www.darkpatterns.org/

https://hellofuture.orange.com/en/what-are-dark-patterns-and-their-impacts-on-personal-daa/ 

https://darkpatterns.org/types-of-dark-pattern.html

https://privacyinternational.org/news-analysis/3986/mental-health-site-sharing-your-personal-data-were-going-after-them 

https://www.fastcompany.com/90452333/why-you-still-cant-escape-dark-patterns

https://securityboulevard.com/2018/12/dark-patterns-stealth-ways-companies-collect-personal-data/

https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf

https://medium.com/@mohityadav0493/privacy-zuckering-deceiving-your-privacy-by-design-d41b6263b564

https://www.europeandatajournalism.eu/eng/News/Data-news/Dark-patterns-born-to-mislead

The post 50 Shades of “Dark Patterns” to deceive privacy regulations appeared first on Pryv.

Level up: light on the legal and ethical aspects of using gamification in mental mhealth apps

Mental Health has been seen as the “cancer of tomorrow”. The pandemic further strengthened the suppressive force turning this prediction into a reality. As for their part, researchers even show that there is an unprecedented increase in stress, anxiety and depression. And in the blink of an eye, tomorrow suddenly became today. 

In the context of mental illness, there is no “risk group” as it can hit us all – our children, co-workers, family members. The damages and consequences are long-term, life-threatening and life-changing. So, not a surprise, among other digital health applications accelerated during the pandemic, a number of mental health applications got their momentum to deliver on their promise: a click away to mental health and well-being. Is the promise delivered? While there is a robust growth of mental mhealth apps offerings, their usage seems to remain inconsistent.

Do people trust mental mhealth apps? Maybe “not”.

Trust is the very first principle that allows for engaging users in sharing enough data so that they can be given help. Yet today, people may be skeptical to engage with an app that keeps track of their mental health data and rightly so. For these apps to work then, trust needs to be won first. Nevertheless, trust itself isn’t enough – people need to put in the work to get better. This requires consistency and the right amount of motivation to do so.

Do people use mental mhealth apps with consistency? Maybe “not”.

Consistency is key for progress. The problem is: keeping users motivated and consistent while being tied up to their homes, forced into quarantine and limited to zero family reunions or social activities is not a piece of cake. To keep them going, you need them to want to engage with your app, just like they would when choosing to play a video game: because it is fun, not seen as an obligation, and it might even fill them with motivation and a positive mindset… 

So what if winning over mental health could become as entertaining as playing a video game? 

Encouraging consistency in using mental mhealth applications through gamification has become a trend among digital health innovators. 

“Games with purpose”: Embedding gamification into mental health applications

Gamification is used as a tool for influencing behavior modification in many health applications. 

Due to the game elements introduced in the app, users are enticed to be more engaged in their own recovery, which makes it a formidable tool against mental health disorders. When used in this context, it can further help the users develop healthy habits that can reduce stress, anxiety or depression, such as exercising regularly or following treatment instructions.

Video game makers have banded together to promote gaming as a healthy means of physical distancing and social connection amid the coronavirus pandemic. 

One of the reasons it has become so popular in mental mhealth apps is that smartphones are excellent delivery vehicles for gamification in healthcare: easy collection of precious personal data like geolocation, inbuilt accelerometers to monitor activity and external sensors that can capture vital signs such as heart rate and blood pressure are just a few to mention.

Hence, not surprisingly, while the pandemic has inflicted income declines on many industries, video games and digital health are not among them. Nowadays, combining the two might even be the best shape for providing help to the ones who need it the most, “stay at home”-compliant. So is it checkmate? Maybe not. One thing is for sure, embedding gamification in mental mhealth apps does not come that easy.

(spoiler alert: privacy is calling!)

Legal aspects and ethical considerations of using gamification in mental health applications

If mental mhealth apps may feel like a funny game to the users, for the one who designs it, the app is nonetheless a digital therapeutic and personal data collecting tool which needs to comply with a number of regulatory requirements.

For personal data collection, privacy and data protection regulations such as the GDPR, CCPA or any relevant national Data Protection Act (DPA) depending on the business and users locations will have to be addressed. As regards to health data, more specific requirements may have to be added to the list, like the HDS Certification required for health data hosting in France. And if the app is recognized as a medical grade solution within the EU, the new EU MDR might even come into play. On a brighter note, if targeting the german market, you might also consider applying for your app to be prescribed as a treatment and reimbursed by insurance companies. 

Parallel to this, the “influencing the behavior of your users”-part of gamification is not to be taken lightly. Alongside the legal aspects cited above, ethical considerations should be given:

1. Design for Trust:
   • It’s simple: if your users don’t trust you, they won’t provide you with their most sensitive, personal information about their mental health and state. Neither will they feel comfortable enough to use your app with consistency. You need trust for your app to work, so build your app around it – design it for trust.
   • It is not about turning your dev team into the new lawyers to be. But embedding privacy in all aspects of your mental mhealth app so it is trustworthy, lawful, and so that your users know what it is done with their data at every step of the way.
   • Little tip about that: enhancing trust requires rethinking consent.

• Avoid Dark Patterns, unless For Good: 

1. • Be mindful of the impact you have on users’ choices and their behaviour. While it is one thing to motivate your users through games and a user-friendly interface, it is another to get consent over addiction. Even through games, rightfully ask for consent and don’t let the prospect of a quick profit blind you. 
   • Alas, recent studies show that despite the recent upsurge in privacy and data protection regulations (GDPR, CCPA, PIPEDA…), companies still have a hard time going against their own business interests. So is it game over?
   • Maybe not! Take it to the next level: use Dark Patterns for Good.

• Digital Ethics

1. • Respect the moral principles – don’t take the game too far. While gamification can help, it can also have devastating impacts on users, such as inducing depression and crushing attention span. Be careful not to get carried away while “playing the game” and rely on digital ethics to build “games with purpose”.
   • Establish norms dedicated to ensure that the autonomy and dignity of users is respected. It is not all on your development team to understand what “ethics” and “privacy” means technically. Provide them with the tools to implement it “rightly”.
   • Lastly, allow your users to shape the debate and make informed choices.

#tip: Walk the talk and keep on your promises to build long-term engagement.

Play hard, play fair. Respect the rules with Pryv

Stay focused on your core expertise and value proposition and let us turn compliance into your competitive advantage.

Pryv.io is designed to facilitate developers creating privacy-centric digital health applications. Our Swiss-made Personal Data & Privacy Management Software is a ready-to-use middleware specifically designed for personal data and consent management. It comes with must-have consent and auditing tools to keep you compliant with existing and forthcoming regulations.

Our ultimate purpose is to remove barriers to data-driven healthcare innovation by helping digital health innovators rigorously manage personal data and build effective, lawful, patient-centric applications respectful of privacy and seamless digital experiences, faster, at a lower cost and right the first time.

Yours,

Stephanie & Evelina

Additional sources:

• https://mental.jmir.org/2019/6/e13717/
• https://www.businessinsider.fr/us/mental-health-apps-superbetter-happify-gamification-techniques-2019-10
• https://uxdesign.cc/the-benefits-of-gamification-for-mental-health-656f9e4cbcce

The post Level up: light on the legal and ethical aspects of using gamification in mental mhealth apps appeared first on Pryv.

Lausanne, Switzerland – October 6^th, 2020

Two leading Swiss providers of privacy and security solutions, Pryv and CYSEC, announce a strategic collaboration focused on integrating their products: the personal data & consent management middleware Pryv.io and the confidential computing solution ARCA from CYSEC. The two Swiss trust-tech companies are jointly pursuing strategic opportunities as part of their growth strategies.

Businesses operating in highly regulated markets such as healthcare, insurtech, mobility and fintech collect, use, and store sensitive personal data at scale. They must therefore adopt the highest privacy and security standards to ensure that data remains protected throughout the full lifecycle and across all three states of data: data at rest, in transit and in use. The need for secure data management has spawned a new era of data protection and privacy regulation and practices including: GDPR; Swiss DPA; CCPA, PIPEDA. And more stringent regulation will follow.

Organizations face regulatory constraints at many stages of software design and must make decisions on how best to manage access control rights, provide data auditing capabilities and store / host data.  As more organisations and entire industries embrace the collection of personal data and its processing, they too will become subject to highly stringent regulations.

While the collection and use of personal data has become increasingly mainstream, only few organisations have invested in reliable data management and storage solutions that provide the necessary security and privacy. Most organisations remain without protection. The risk is not only a potential fine of 20M EUR or more, but also losing the trust of users. Once lost, user trust and an organisations reputation are very hard to regain. To avoid this, it is imperative to work with the right privacy and security tools.

The Pryv.io Personal Data & Privacy Management Software allows businesses to build digital solutions that can collect, store, share and rightfully use personal data. It comes with must-have consent and auditing tools to keep the clients compliant with existing and forthcoming regulations.

The ARCA solution leverages certified hardware to secure data in use, enabling sensitive data to be processed inside a trusted execution environment. In this way, data can be processed without exposing it to the rest of the system, reducing exposure of sensitive data and providing greater control and transparency for users. Its main advantage is the ease of integration as it is compatible with modern virtualization tools that software developers use, including Docker, Kubernetes, VMWare. The solution can be deployed in centralized, decentralized and distributed architectures.

Pierre-Mikael Legris, CEO at Pryv SA said: “By combining ARCA and Pryv.io, companies will blend best of breed security and privacy- by-design technologies for their backend and enhance trust for their customers.”

Florian Wiedmann, Secure Analytics Manager at CYSEC commented: “Organisations looking to comply with increasingly stringent data regulation require a one-stop solution for all their data security and management needs. Teaming up with Pryv will allow us to achieve this goal: A solution that offers both security and critical data management tools to allow organisations to achieve compliance easily.”

Trust is critical for companies that manage personal data. Combining ARCA’s security and Pryv.io’s privacy by design technology provide a robust, secure and consent-based backend to achieve trust. The integration of Pryv.io and ARCA provides businesses with an easy to deploy solution to collect, structure, share, use and store personal and sensitive data without compromising on security and compliance. ARCA and Pryv.io are further integrated with TAK by Build38.

About Pryv

Pryv makes essential software for data-driven healthcare innovation. Our purpose-built middleware helps organizations manage personal data from creation to use, sharing and disposal. We accelerate time to market, cut IT development costs and speed up connectivity to all data sources. Pryv addresses the enhanced citizen’s right under GDPR and turns privacy compliance into a competitive advantage. For more information, please visit pryv.gihub.io/www

About CYSEC

CYSEC SA is a cybersecurity company based at the EPFL Innovation Park in Lausanne, Switzerland, whose mission is to shorten the time-to-market of innovative services by facilitating their integration into a secured IT environment. To achieve its mission, CYSEC developed a general-purpose security platform called ARCA able to store data and execute applications in a Trusted Environment. By lowering down the barriers to protect data and software, CYSEC enables its customers to benefit from a whole new level of flexibility and agility which is a game-changer today considering the fast-pace at which security and business requirements evolve. CYSEC focuses on the provision of its cybersecurity solutions in four vertical sectors, namely financial services, IoT, space and telecoms. For more information, please visit www.cysec.systems

  Media Contacts

CYSEC SA

Florian Wiedmann

Secure Analytics Manager

florian.wiedmann@cysec.systems

Pryv SA

Evelina Georgieva

CBDO & Co-founder

The post Pryv and CYSEC launch an integrated solution for collection and confidential computing of personal data at scale appeared first on Pryv.

Once upon a time we used to think of banking as private safes and white collars. Today, it is certainly one of the most promising areas for data-driven innovation. Each time a user pays online, it leaves behind a digital trail of information, allowing for infinite data-fueled possibilities. Yet just like banknotes, personal financial data needs to be kept safely. This means in this case: in compliance with the GDPR, Swiss DPA or any other relevant data protection regulation. 

Open Banking: Mastering privacy & consent  to unlock the personal data superpower

The growth of personal data usage is exponential and affects almost any industry. On one side of this growth, there are the users who keep calling for more on-click personalised offerings and “fluidity” of data transfer. On the other, businesses that are striving to deliver on these demands in the best possible way. Some of these businesses, however, are just kicking off in the personal data economy services accessing. This has been core for the banks and financial industries.

Banks online & payments: guardians of trust

While the pandemic casted a harsh light on the notion of personal data collection and privacy respect, it also further strengthened the boost towards contactless and online paying services. Unlike other industries operating with personal data, the banking industry is fortunate to be one step ahead when it comes to trust: people trust banks and other financial entities to safeguard their personal data more than other organizations. Perhaps for this reason, digital banks and mobile financial applications have been growing like weeds in the past few years; trust being the “magic” seed of their super-fast expansion.

« Bank 4.0: banking everywhere. Never at a bank »

As banking services are being digitized, paying cash is becoming a thing of the past. Twint, Revolut and other “one-click” solutions are becoming the new way to pay for anything, anywhere. And online banking apps are the new go-to for managing bank accounts anytime, “stay home”-compliant and safe. So, if banks were long seen as closed physical places with thick walls and locked doors, they are now becoming prime actors of the rising personal data economy. A rise reinforced by the recent introduction of Open Banking: a practice that provides third-party service providers open access to consumer banking transactions and financial data through the use of application programming interfaces (APIs).

Open Banking Poker Face: Superhero or Supervillain?

Open banking introduces a new paradigm that opens up many business opportunities. Whereas initially seen as a way to enable exchanges between financial institutions, it is now spreading faster and even beyond expectations. Unforeseen personal data offerings in a cross-industry corporation arise indeed when personal and financial data is derived and aggregated. And in a world where everything can be bought a click away, derived applications are endless. 

Applications, “Sur-mesure”.

Just to mention a few, service providers already suggest personalized offerings based on correlating financial and personal data, like targeted budgets for monthly shopping, savings and loans. Thanks to the data collected through open banking, the app can be made perfect for any user: depending on the stage of your life whether you are a student, a parent, buying property or planning retirement, it will provide you with an offer which suits you best.

Privacy-first (un)locks Open Banking

Still, if Open banking is great for business, it is also referred to as a nightmare when it comes to privacy. Especially, the system raises questions as regards to the privacy of the users whose data is being shared: do they understand what their data is being used for? Are they given the opportunity to give explicit consent as required by the GDPR? To ensure that open banking will benefit the users and not foster discrimination, strong safeguards have to be put in place.

Solution: Beyond secrecy, use Pryv.io personal data and consent management solution to enhance your users privacy.

“Personal data aggregation, sharing and processing should be as effective, secure and trustworthy as online banking.” – Pryv

If one could argue that not sharing any data would be the best solution to ensure users privacy, we beg to disagree: Privacy doesn’t have to be only secrecy. At Pryv, we envision a world where privacy is the ability to share personal data with awareness, trust and control.

“Giving explicit consent to collect and share personal data has per core requirement that users understand which data we are talking about. Trust comes with the ability to check the content of these data and the exchanges between all parties. Like banks that provide detailed reports of all transactions in time, classified in bank accounts” – Pierre-Mikael Legris, CEO of Pryv

Enhancing trust requires rethinking consent. In this new paradigm, privacy is not a compliance tick box but an opportunity to break data silos, differentiate products and services, and attract end-users with trust, transparency and empowerment.

“Pryv.io data model provides all data in “time series” contextualised and classified in streams. It is designed to provide the same readability and transparency as your bank report. So anyone could make decisions and check its execution with a minimum of effort.”

Beat the “get-user-consent” fear: start managing your users’ data exactly as the bank manages your money! Learn more about how Pryv.io can help you win users’ trust by collecting and using their personal data rightly.

Yours,
Stephanie & Evelina

Additional Sources:

• https://fintechnews.ch/open-banking/open-banking-in-switzerland-an-overview/32199/
• https://www.finextra.com/blogposting/19282/the-value-that-open-banking-brings-to-each-market-player
• https://medium.com/@nordigen/5-future-open-banking-use-cases-e5168c233bff
• https://tarabutgateway.com/open-banking-use-cases-beyond-banking/
• https://www.linkedin.com/pulse/data-governance-what-truly-means-manage-asset-julien-tagnon

The post Open Banking: Mastering privacy & consent  to unlock the personal data superpower appeared first on Pryv.

Privacy and data monetization are often seen as two antagonistic concepts. While the privacy-respect represents something that costs time, resources and money, the data monetization on the contrary, is what allows you to bring money in. Thus, when thinking about a successful strategy for bringing economic value to personal data, most companies only think of this data as an asset, and tend to forget about their responsibility.

Yet, with regards to privacy and data protection regulations, personal data is certainly more a company’s liability: a duty to comply with a large number of obligations. But what if you could turn these obligations into an opportunity for your company?

Challenges of rightfully monetizing personal data

Data Monetization is a top priority for any company who makes it its business to collect personal data – if you want to keep your business afloat, you have to generate money. That’s clear.

Yet, at an age dominated by the freeware business model, thinking of a way to bring economic value to this data while respecting users’ privacy is a real challenge, many would say: how to motivate your users to pay for a service they can have for free elsewhere? Or if free, how to make profits without (unethically) selling their personal data?

If it became obvious that selling raw personal data is a very profitable business, there are actually a lot of other ways for companies to monetize their data.

First, you can use it to reduce your costs and enhance your overall business efficiency. Second, you can use it to keep generating more money: not a surprise, but how to do that with respect to users’ privacy rights? Usually, it is there that the conflict between money and privacy arises.

Using Data Privacy to enhance Data Monetization

The thing is, reducing data to money will often blind you about its infinite possibilities. In fact, chances are: starting by addressing data privacy issues will even help you enhance your data monetization strategy. Why is that?

As a first step, you need to realize that just like money, data continuously flows in and out of organisations. And how do you make more money with your actual money? By selling more of your products and services? Sure. But mostly, by having a clear picture of how money runs into your organisation and acting smartly on it.

In a similar way, having a clear picture of your data economy will allow you to be smart about it. You might think of it as an extra task that you don’t want to put your efforts into. But actually, it will demand nothing more that you already have to do: as sorting your personal data lifecycle is the core part of building your data privacy strategy (which you will have to do to comply with data protection regulations like GDPR).

So, just like you can turn your GDPR consent-requirements into an opportunity to build trust with your customers and grow your business, you can turn your data privacy obligations as an opportunity to find new ways to efficiently monetize the personal data you collect, enabling you to solve two problems at once.

So far, so good. But how to build an efficient privacy-preserving data management solution that allows you to meet both your privacy requirements and data monetization goals?

Here is our solution: Pryv.io – a ready-to-use Personal Data Management Platform as foundation to build a compliant, scalable and successful business model

Pryv.io is a personal data management solution that allows companies to rightfully collect, store, share and use personal and health data. We make personal data aggregation, sharing and processing as effective, secure and trustworthy as online banking.

Built to help companies achieve GDPR and HIPPA compliance, Pryv’s solution addresses all the data privacy requirements that you need to stay ahead of existing and forthcoming regulations, but also provides you with a data model precisely designed to aggregate and distribute multiple sources of information.

As we understand the value of combining a robust amount of data and diverse datasets is essential for providing personalized offerings, we wanted to provide companies with a way to do it efficiently and compliantly: we thus designed a data structure that is easy to understand and work with. Data pooling and data aggregation are among the best Pryv.io’s capabilities.

Our solution is customer- and data-centric, which allows any company or startup to have a clear understanding of its data economy – Everything you need to build a strong and ethical data monetization strategy, while being compliant to the most stringent regulations.

The best part? You can already install it, today, for free: Check it out

Open Pryv.io is available in open-source: free, full production, easy-to-install.

Stephanie & Evelina @ Pryv

The post Data Monetization: how to profit from rightfully managing personal data appeared first on Pryv.

TLM Solutions and Pryv partner in Canada to optimize personal data management in new eHealth applications: A ready-to-use solution to meet international privacy standards and a team of recognized data privacy experts fostering healthcare innovation.

The post TLM Solutions and Pryv partner in Canada to optimize personal data management appeared first on Pryv.

A ready-to-use data management solution to achieve GDPR compliance and meet health data hosting requirements. 
Companies willing to collect and use personal health data can now benefit from a complete, ready-to-use, and scalable solution, offered by Euris Health Cloud® (health data hosting) and Pryv (personal data and privacy compliance middleware). In Europe, the solution combines a certified HDS (*) hosting offer for security and a personal healthcare data management service for privacy, allowing e-health actors to rigorously manage personal health data and quickly create applications that respect the rights of the patient at an attractive cost.

”Contrary to what companies may believe, the HDS Certification of their hosting provider in no way implies their compliance with the GDPR. All it tells them is that their host offers sufficient data protection guarantees.” says Pierre-Mikael Legris, CEO at Pryv “The complementarity of HDS hosting and GDPR compliance solutions is perfectly illustrated by our partnership with Euris.”

 

“Combining our expertise with Pryv knowledge and Pryv.io capabilities, we provide a unique and proven off-the-shelf solution that allows companies to achieve an optimal data management and protection solution globally through a new bundle offer for startups and innovative e-health projects.“ says Pedro Lucas, CEO at Euris Health Cloud®.

With the offerings Cloud Santé® PRIVACY and Cloud Santé® PRIVACY STARTUP by Euris and Pryv, companies operating in Europe can now meet both French HDS and EU GDPR requirements with no expertise required on their part, allowing them to focus on their core business and increase user engagement through trust and transparency.

About Euris Health Cloud®: www.euris.com

Euris Health Cloud® is a connected healthcare operator, specialized in the hosting of healthcare data. Euris Health Cloud® provides a global hosting infrastructure for personal health data, in compliance with local regulations: EU (HDS: 2018 &ISO 27001 2013), US (HIPAA), China (CSL).

Thanks to a unique marketplace model, Euris Health Cloud® also offers a complete range of interoperable services and solutions, facilitating the deployment of e-health projects: strong authentication, drive, archiving, backup, anonymization, Big Data, Business Intelligence, IoT, telemedicine, CRM, PRM and Healthcare Data Warehouse.

About Pryv: pryv.gihub.io/www

Pryv.io is an extensible personal data lifecycle management platform specifically engineered to empower developers to rapidly create and scale breakthrough GDPR and HIPAA compliant products, services, and experiences. The software has been developed to accommodate rapid integration. It comes with turnkey IoT connectivity, a secure storage vault, fine-grained consent management, and comprehensive auditing capability that radically cut IT development costs and accelerate time-to-benefit while addressing the most stringent data protection requirements.

(*) Certified HDS: « Hébergement de Données de Santé » (French Health Data Hosting certification based on ISO 27001 standard and GDPR regulation)

The post Euris and Pryv simplify personal data management: A ready-to-use solution to meet GDPR and Health Data Hosting requirements. appeared first on Pryv.

Lausanne, Switzerland, June 9th, 2020 — Today, Pryv SA, the leading Swiss provider of personal data and privacy management software announced the open-source release of Open Pryv.io: a free and scalable personal data lifecycle management platform specifically engineered to empower developers to rapidly create and scale breakthrough, GDPR, and privacy compliant products, services, and experiences.

As developer productivity has become a competitive necessity, the ready-to-use Open Pryv.io is marking a turning point to de-complexify the development of personal data and digital health applications.

Data pooling, data aggregation, consent management, and data interoperability are among the Open Pryv.io’s capabilities that are raising the bar for delivering a reliable solution for collecting and managing heterogeneous sets of real-world personal data with full respect to privacy.

“Releasing our core software in open-source today is a natural move for us. From day one, Pryv.io was built to be open-sourced” says Pierre-Mikael Legris, CEO and co-founder of Pryv SA. ”In fact, our source code has always been open for our clients. By releasing Open Pryv.io, we provide any company with a tool allowing them to address the enhanced citizen’s right, which sends a strong message of transparency and inclusivity”.

Fostering faster innovation and less duplication of effort are also among the main drivers of Open Pryv.io’s release. Nowadays developers value using open-source instead of redeveloping available code. Integrating Pryv.io open components will allow developers to free them up to work on what is unique in their products and add privacy-by-design to their value proposition.

“Open sourcing our code is doing the right thing – for the community, for our clients, and for Pryv. We should have done it much earlier.” adds Simon Goumaz, Co-Founder and Board Member at Pryv SA.

The Open Pryv.io release takes place at a time when the pandemic disruption has cast a harsh light on the notion of personal data collection and privacy respect. As governments have been lifting data protection restrictions in an attempt to ease access to personal data to protect public health, the release of Open Pryv.io shows that there is a way to encourage personal data collection being done right. Open Pryv.io urges to build a world where privacy is the norm – not the exception as it is today.

“Privacy doesn’t have to be only secrecy. We envision a world where privacy is the ability to share your data with awareness and control. For years now, we prove that respecting one’s privacy and having access to their data are not contradictory. The more transparent you are, the strongest relationships you will build with your users” says Evelina Georgieva, Co-Founder and CBDO at Pryv SA. “No more excuses: the Open Pryv.io offers developers a strong foundation to ensure that the personal data they collect are rightfully managed from day 1.”

Alongside this new release, which offers essential features of the Pryv.io software following an open-core model, Pryv continues executing its growth strategy by licensing the enterprise-class version to projects that require high scalability, compliance documentation and dedicated support.

About Pryv

Founded in 2012, Pryv makes health personal data processing as secure and trustworthy as online banking. We help organizations manage personal data from creation through use and sharing,

Our Swiss-made Personal Data & Privacy Management Software- Pryv.io is a solid foundation on which you build your own personal data and digital health solutions. The software has been developed to accommodate rapid integration. It comes with turnkey IoT connectivity, a secure storage vault, fine-grained consent management and comprehensive auditing capability that radically cut IT development costs and accelerate time-to-benefit while addressing the most stringent data protection requirements.

The post Pryv SA releases an Open-Source Solution for Personal Data & Privacy Management appeared first on Pryv.

Security with app hardening and privacy-by-design backend are a top priority for Digital Health Providers

Fraud, privacy violations, cyberattacks, unauthorized data collection, outlaw processing, and hacking of connected medical devices and mobile applications are just a few of the threats arising from the digitalization of the healthcare industry. A hack, that can be disastrous for individuals, is just as harmful for businesses, who will face regulatory fines and damage to their reputation. Such threats can be minimized by implementing adequate privacy and security measures right from the very start. Protecting digital channels is invaluable on many levels, saves lives and prevents significant financial losses.

“Smartphones and tablets are the primary access point for both our personal and work life, and a valuable target for attackers,” said Dr. Christian Schlaeger, Build38 CEO. “Business agility provided by mobile devices will continue to drive adoption in the mobile health sector, even more now with the announced DiGA initiative of the German government. Build38 and Pryv empower businesses to embrace the productivity benefits of mobile devices while addressing the security and privacy risks.”

“Developing the privacy and security layers of Digital Health applications is a highly demanding task, yet essential to gain users trust and achieve compliance.” said Pierre-Mikael Legris, CEO at Pryv “This partnership is a game changer for digital health innovation. It provides digital health innovators with a rigorously tested off-the-shelf solution, allowing them to easily and rapidly develop trustworthy and scalable products.”

The offering by Pryv and Build38 foster compliance with the most stringent existing and forthcoming data protection and cybersecurity regulations. No dedicated security knowledge or privacy-expertise is required by development teams. Companies can focus on their core competency, while de-risking security and privacy compliance, winning time-to-market and fostering user-engagement through trust and transparency.

About Build38:

Build38 is a global provider of mobile application protection solutions. Its Trusted Application Kit (T.A.K) solution combines AI-platform and strongest app shielding technology which protects B2B and B2C mobile channels from fraud and reduces your compliance risk exposure. It also enables new use cases and opens the market for new digital business models. Build38 protects applications across various industries including automotive, financial, public transport and health care. Build38 is headquartered in Munich with global offices in Barcelona and Singapore.

www.build38.com

About Pryv SA:

Pryv makes health personal data processing as secure and trustworthy as online banking.

Pryv.io is a solid foundation on which you build your own digital health solution, so you can collect, store, share and rightfully use personal data. It comes with must-have consent and auditing tools to keep you compliant with existing and forthcoming regulations. The software has been developed to accommodate rapid integration, allowing you to properly manage your users’ data from day one. It comes with turnkey IoT connectivity, a secure storage vault, fine-grained consent management, and comprehensive auditing capability that radically cut IT risk, development costs and accelerate time-to-benefit while addressing the GDPR and the most stringent data protection requirements.

pryv.gihub.io/www

The post Build38 and Pryv Team Up to Simplify Mobile Security and Privacy for Digital Health Companies appeared first on Pryv.

*This is a living document that will be updated on a regular basis.

GDPR: remaining within the rules.

The European Data Protection Board (EDPB) says that it is possible to adapt to the situation while remaining within the rules.

“Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic,” says EDPB chair Andrea Jelinek.

“However, I would like to underline that, even in these exceptional times, the data controller must ensure the protection of the personal data of the data subjects. Therefore, a number of considerations should be taken into account to guarantee the lawful processing of personal data.”

Consent and Data Collection

Data Protection Authorities all agree: only essential information should be collected. 

So, only in case that it’s necessary for public health reasons, public health authorities and employers can process personal data without having the consent of the concerned individuals.

If the concept might be simple in theory, it leaves organisations with a lot of questions and challenges to solve. To provide guidance on the subject, International Law Firm White & Case has set out “an overview of some of the key issues for organisations to consider during this crisis, from an EU data protection compliance perspective”.

Mobile location data

« For the processing of electronic communication data, such as mobile location data, additional rules apply. The national laws implementing the ePrivacy Directive provide for the principle that the location data can only be used by the operator when they are made anonymous, or with the consent of the individuals. » 

« When it is not possible to only process anonymous data, Art. 15 of the ePrivacy Directive enables the member states to introduce legislative measures pursuing national security and public security *. This emergency legislation is possible under the condition that it constitutes a necessary, appropriate and proportionate measure within a democratic society. If such measures are introduced, a Member State is obliged to put in place adequate safeguards, such as granting individuals the right to judicial remedy. »

European Commission’s Recommendation on apps for contact tracing, published on 8 April and setting out the process towards a common EU toolbox for the use of technology and data to combat and exit from the COVID-19 crisis

Andrea Jelinek, Chair of the EDPB, said: “The EDPB welcomes the Commission’s initiative to develop a pan-European and coordinated approach as this will help to ensure the same level of data protection for every European citizen, regardless of where he or she lives.”

Letter concerning the European Commission’s draft Guidance on apps supporting the fight against the COVID-19 pandemic

In its letter, the EDPB specifically addresses the use of apps for the contact tracing and warning functionality, because this is where increased attention must be paid in order to minimise interferences with private life while still allowing data processing with the goal of preserving public health.

MDR: Postponed. 

Parliament adopted the European Commission proposal, allowing the application of the Medical Devices Regulation to be postponed by one year until 26 May 2021.

«This postponement will take the pressure off national authorities, notified bodies, manufacturers and other actors so they can focus fully on urgent priorities related to the coronavirus crisis.

Vice-President for Promoting our European Way of Life, Margaritis Schinas, said: “Shortages or delays in getting key medical devices certified and on the market are not an option right now. The Commission is therefore taking a pragmatic approach and delaying the entry into application of new EU rules on medical devices, so we can have our medical industries pouring all their energy into what we need them to be doing: helping fight the pandemic. This shows once again that the European Union is leaving no stone unturned in our support to national public health systems in their hour of need.”

Sources: https://www.europarl.europa.eu/news/en/press-room/20200415IPR77113/parliament-decides-to-postpone-new-requirements-for-medical-devices

Switzerland: The principles of the Federal Act on Data Protection, must be respected.

The authorities, in cooperation with health institutions, are doing everything possible to stem the rapid spread of the coronavirus. Insofar as private individuals (in particular employers) process personal data to combat the pandemic, the principles set out in Article 4 of the Federal Act on Data Protection must be respected.

Source:

https://www.edoeb.admin.ch/edoeb/en/home/latest-news/aktuell_news.html

France: CNIL Recalls Data Protection Rules in the Context of the COVID-19 Outbreak

The French Data Protection Authority (the “CNIL”) issued guidance which outlines some of the principles relating to personal data processing. 

The Guidance stresses that employers may not implement measures to fight against the coronavirus pandemic that would infringe on employees’ or visitors’ right to privacy, especially by collecting personal health data that would go beyond what is necessary to determine potential exposure to the virus. 

Source: https://www.huntonprivacyblog.com/2020/03/20/cnil-recalls-data-protection-rules-in-the-context-of-the-covid-19-outbreak/

Germany: A solid framework for privacy and health innovation

German Authorities Issue Guidance Related to Coronavirus.

Germany is among a few countries that have already set-up the scene for effective promotion of remote patient monitoring and digital health adoption. Digital Health Innovators can apply for the DiGA “Fast Track” and have their solutions reimbursed and prescribed by physicians. 

« The Health Innovation Hub, established by Germany’s Ministry of Health, published a list of trusted telemedicine services. Most of these are available for free, towards which citizens can turn during the pandemic. » 

Sources:

https://hih-2025.de/here-to-stay-digital-health-in-times-of-covid-19-a-german-deep-dive/

https://www.datenschutz-mv.de/datenschutz/publikationen/Corona/

https://www.insideprivacy.com/covid-19/german-authorities-issue-guidance-related-to-coronavirus/

https://www.bfdi.bund.de/DE/Datenschutz/Themen/Gesundheit_Soziales/GesundheitSozialesArtikel/Datenschutz-in-Corona-Pandemie.html?nn=5217154

https://medicalfuturist.com/how-germany-leveraged-digital-health-to-combat-covid-19/

UK: marks a shift in its privacy policy on patient data collection and usage 

The National Health Service in England has sent out a document that marks a shift in its policy on patient data. It mentions the use of data to understand trends in the spread and impact of the virus and “and the management of patients with or at risk of Covid-19 including: locating, contacting, screening, flagging and monitoring such patients”.

In this regard, the UK Information Commissioner’s Office (ICO) also published “a handy guide to what you need to know about data protection during the pandemic” that specifically addresses the concerns of healthcare organisations and professionals.

Sources: https://www.gov.uk/government/publications/coronavirus-covid-19-notification-of-data-controllers-to-share-information

https://www.bbc.com/news/technology-52135916

Globally: A closer look at privacy updates during pandemic, at a glance

The latest guidance and information from The Global Privacy Assembly (GPA members) and observers on data protection and COVID-19 can be find in the source below:

Source: https://globalprivacyassembly.org/covid19/

The post Privacy and Health Regulation updates during Covid-19: Must-know updates appeared first on Pryv.

“2020: Make trust first priority…”

So what? Enough with words, actions need to be taken.

The loss of trust.

Today, if you’re in the business of collecting sensitive personal data, building trust with your customers is essential for growing your business.

For many years now, users have been misguided and left in the dark regarding the processing of their own personal data. As a result, they tend to be more reluctant when it comes to sharing confidential information.

It’s simple: if your customers don’t trust you, they won’t provide you with their most sensitive data – and that is especially true in the healthcare sector.

Trust needs restoring.

Privacy and data protection regulations are trying to compensate for that fact, but the truth is: most companies still fail at implementing great consent solutions to keep data collection secure.

Yet, consent is most certainly your best opportunity for restoring that trust, dear business owners. Instead of approaching consent with fear and restraint, you should embrace the opportunity to win new customers and engage better with your existing ones!

But, first thing first: does your customer trust you? Truly?

Enhancing trust requires rethinking consent.

From a business perspective, “consent” is a legal requirement that a company should get in order to collect, use and further profit from their customers’ data.

Certainly, this way of thinking is precisely why most companies fail at implementing consent: they use it as a way of protecting themselves instead of taking it as an opportunity to build a trusting relationship with their customers.

So what is the key to rethinking consent?

If the “customer is King” for business, “Consent is King” for trust.

Consent is not about you.

From a customer-perspective, consent is their right to fully understand and choose how you would actually use and collect their data. So don’t make it all about you.

Rightfully ask for consent and don’t let the prospect of a quick profit blind you. Chances are: you’ll get a lot more out of a lasting relationship.

Moreover, consent should be easy to give or revoke any given time. And when it comes to sensitive personal data (like health-related data), it should always be explicit.

It should be “freely given”.

Be straightforward and simple when requesting access to data. Even if you are tempted to get more data by using gamification strategies, be careful. While it is one thing to motivate your customers through games and a user-friendly interface, it’s another to get consent over addiction.

Simply explain how you will turn the shared data into meaningful insightful feedback to your customers. And don’t use dark patterns like rewards and punishment to discourage your customers from exercising their rights to privacy.

Instead, why not use these same techniques to get a “specific, informed and unambiguous” consent?

Dynamic consent.

Dynamic consent is a new approach to consent that allows companies to put data users back at the center of the decision making process.

More specifically, it is a personalized digital interface that enables two-way communication between data users and data collectors, thus allowing for customers to give or revoke consent at any step of the way.

Generally, it is that part that companies fear the most: the risk of having users withdrawing their consent which will lead to less available data to be processed.

Turning risks into opportunities!

Of course, there is a risk to allow your customers to revoke consent.

But there is also a risk not to! From GDPR fines to having customers quitting your application due to the lack of flexibility, risks of losing money and data are pretty much everywhere and are no justification for bad practices and unrightful solutions.

Also, with each risk comes an equal opportunity! In that case: building a strong, compliant growing business. What is to fear about that?

Additional benefits.

New customers, further engagement from existing ones, relevant insights based on consent choices, a proof-regulation, compliant business, a lawful, ethical and challenging work environment… There are many ways in which you can actually benefit from properly implementing and managing consent, but only if you choose to!

Just remember that building trust and empowering your customers with transparency and choice will not only benefit them, but also you and your company in the long run.

Additionally, consider that not managing consent properly also has its drawbacks.

2020: Trust in consent-power to strengthen your business!

While most companies often think only about “lost profits”: How much will I lose if they revoke consent? Would they have consented if they didn’t know?… be the one to win profits!

If you haven’t ever considered how much you could actually gain from properly implementing and managing consent, after reading this article, we hope that you will.

Wishing you all the best and success for 2020, Stephanie & Evelina.

Next article is coming soon!

Authors:

Stephanie Tischhauser, Privacy Expert & Digital Content Writer @ Pryv SA
Evelina Georgieva, co-founder @ Pryv SA

Resources:

• https://www.weforum.org/agenda/2020/01/how-to-restore-trust-in-data/
• https://www.innopay.com/en/publications/digital-consent-management-key-data-opportunities
• https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf
• https://en.wikipedia.org/wiki/Dynamic_consent

The post Should companies fear “CONSENT”? appeared first on Pryv.

“GDPR displaces the problem. The problem is not data protection, but data collection” – said Edward Snowden 

We code and we are passionate about developing privacy-preserving software. So this statement got us thinking: isn’t the real problem actually that developers don’t know much about the legal requirements that come with the development of their applications? 

In this article, we would like to provide you with a way of development thinking that could help you overcome this challenge, or at least offer you a gift from Pryv: a little roadmap to privacy-compliance (or the 10 facts you should know when developing personal data collecting apps).

A little roadmap to privacy

As we acknowledge the need to restrain abusive data collection practices, we also believe that, with the right knowledge and intent, the collection and processing of personal data can actually help a lot. 

For this reason, we’ve decided to gather and further explain some facts about data, privacy, GDPR and compliance that (we hope) will help and guide you when confronted with the collection of personal data. Just like a roadmap brings you straightforward where you want to be.

So here are the 10 facts that we think you should know – or some tips that could help you achieve privacy:

#1. Different kinds of data need different kinds of attention.

The law distinguishes sensitive data from personal data. And did you know that personal data that are sensitive data in regard to the law requires specific protection?

For example, collecting health-related data will require you to be more cautious about consent and security than collecting the language personal preference of your customers. 

Tip: Always be aware of the kind of data you aim at collecting and using- today, tomorrow and in the further development of your project: so you can build your data infrastructure right from day 1. 

#2. Data minimisation is a thing.

Did you know that the law also requires you to only collect and process data that are actually needed for the purpose of your application? GDPR calls it “data minimisation”. And it applies to any personal data collecting app. To yours, too. If you doubt it, let’s check it out together. 

Tip: With that in mind, you should then always have a strict purpose for your application, and define the data that are strictly necessary to achieve that purpose. Don’t worry if you cannot project from now your future data needs, we prepared you another “tip” for this below.

#3. Metadata matters.

And more importantly, they can give way more information than you think. 

For example, by consenting to give you their geolocation data, your customers could certainly provide you with more information on their daily habits than they do with their actual logs about it.

Tip: Make sure that your customers are always aware of what data you collect and what you are doing with their data, who can access it, and for what purpose. Be clear and transparent.

#4. GDPR key concepts are a good start…

The right of access. The right to rectification. The right to be forgotten. The right to restriction of processing. The right to data portability. The right to object…

Tip: If your application falls under GDPR, these are the rights (or at least some of) that you should be able to provide to your customers. So make sure you take that under consideration when building your data model.

#5…but Privacy-by-design is the thing!!

GDPR is a good start if you’re looking for general guidelines to achieve privacy: by having these key concepts in mind, you will more likely tend towards a Privacy-by-design approach, and will thus likely make your code also more “regulation-proof”.

Tip: Privacy isn’t only about compliance. It is also about transparency, and building trusted relationships with the users of your application. And as outlined in our previous article, using a privacy-by-design approach will probably save you a lot of trouble in the long run!

#6. Consent is (not) an issue.

Consent is any “freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

Moreover, unless explicitly agreed for a concrete period of time, the consent must be easy to give and revoke at any given time.

Tip: You should always keep in mind that consent isn’t given by default. And your customers shouldn’t be asked to implicitly consent with your architecture either.

Now, have you ever heard of dynamic consent? If not, better get to know about it, as it will give you the flexibility and scalability you are looking for.

#7. Scalability meets compliance. 

Today, you prepare your code to be GDPR-compliant. Tomorrow, the ePrivacy Regulation will ask you additional layers of protection and code adaptation. And for what you know, your app could also soon be categorized as a medical device under the new Medical Device Regulation, or it could just be the market itself that suddenly requires you to adapt your software accordingly. 

Tip: Ensure scalability across legal frameworks. Not only with regard to existing and forthcoming regulations, but beyond. Regulations come and change, scalability is by-design.

#8. Proven compliance is a must-have.

Indeed, documentation is boring…(we know right?!), but required. We bet that you tend to postpone this part. The truth, however, is that within the context of managing personal data, your code will be audited. You will have to prove that you collect consent properly, store and share the data compliantly, aggregate and analyse on-purpose, and that you can validate that the data has been deleted, whenever the will for this is given.

Tip: Play smart, not hard! Evaluate a ready-to-use privacy-by-design solution, which is already documented, so you can free yourself from the hard work of documenting your code. We heard our customers say that they really appreciate us having this for them.(check it out) 

OR:

• Document your decisions and development processes to prove that you know what you do and how.
• Document your code to make it audit-able.
• Document how you collect the data and for what purpose 
• Document each time a process access data.
• Document each time data is erased.

Note that some of this documentation should be generated by your digital solution itself.

#9. Data breaches happen.

But only to others, right?! As developers, it is always tempting to go to « the cool stuff » and then unconsciously skip some very important steps. 

Tip: Mind-shift. By having in mind that a breach could happen to you, you will take more precaution and arm yourself (and your software) to handle the crisis. So take this risk seriously and don’t forget about security. 

#10 (….)

We listen. Carefully. So if you are a developer of a personal data-based app, what do you think would be the 10th fact to consider, so we can make this « cheat-sheet » excellent?

Now it’s all about you.

At Pryv, we aim at empowering companies and developers so that they can rapidly create and scale breakthrough, GDPR compliant products, and know what to keep in mind when developing personal data collecting apps. So we hope this article will help carry out our mission.

And if you’re interested to know more about our API and data model, you can check it out at pryv.github.io

Our next article coming very soon!

Yours,

Stephanie & Evelina

Resources:

• https://gdpr.eu/article-4-definitions/
• https://gdpr.eu/article-5-how-to-process-personal-data/
• https://gdpr.eu/Recital-51-Protecting-sensitive-personal-data/

The post 10 facts developers should know when developing personal-data collecting apps appeared first on Pryv.

Switzerland, Morges, 12 June 2019 – Pryv, the leading Swiss provider of privacy and personal data management software, and BGO Software, a Bulgaria-based leading software services and product development company, have announced the launch of an innovative eCRF solution to manage Real-World Data (RWD) and informed electronic consent (eConsent).

Designed to meet the requirements of GDPR and HIPAA regulations, the eCRF solution is based on Pryv.io middleware and BGO Software’s Metaforms software. Among the key functionalities of the solution is its ability to dynamically capture and store patients’ informed eConsent. To ensure trust and compliance, a full audit trail documenting interaction with the data is embedded in the solution.

The web-based form-building software allows researchers and clinicians to capture patients’ RWD and pave the way to useable insights . This data includes information from complex forms, questionnaires, voice input, wearable devices, mobile health (mHealth) apps, electronic patient-reported outcomes (ePRO), environment and more.

RWD is considered to be a major source of valuable information from patients in real-world conditions. Capturing RWD improves personalized patient care and enables more efficient scientific and clinical research. Additionally, this data makes it possible to monitor a patient’s safety and evaluate risk, demonstrate efficacy and effectiveness, gain market access and address the public’s growing interest in an efficient and sustainable healthcare system.

“Real-World Data is undoubtedly a valuable asset. However, creating and integrating dynamic forms and complying with regulations can be a very complex task and requires specific knowledge,” said Ivailo Ivanov, CTO of BGO Software. “Collaborating with Pryv adds an additional layer to the management of clinical data in our product Metaforms and ensures the patient’s data remains private. This is vital to ensuring they feel confident in sharing their data and giving us access to RWD.”

Though the software architecture of an mHealth application is important to ensuring the successful implementation and usage of the solution, this is only one part. A user-friendly design is more than just aesthetics. It plays a crucial role in the patient’s engagement, the operational efficiency, and the overall management of clinical data.

“A regulatory-compliant eCRF solution is one of the most common requests we receive from customers,” said Pierre-Mikael Legris, CEO of Pryv. “A user-friendly design is the key to collecting enriched RWD. By using BGO’s clinical data management experience and engineering know-how, we have been able to create an easy-to-use, modern and intuitive end-to-end solution that captures RWD and manages dynamic eConsent.”

The Pryv/BGO eCRF RWD solution can be accessed anywhere and can be customized to fit the needs and processes of any business or organization. Its functionalities benefit multicenter clinical trials. An API for third-party integrations has been made available to optimize data collection and real-time sharing. The solution is easily adopted and can be quickly launched – a transition to a paperless process is possible within a few weeks and the solution can be deployed on site or over the cloud.

Contact us to book eCRF / RWD platform demo 

About Pryv

Pryv helps organisations manage personal data from creation, use and sharing as well as address the enhanced data subject rights under GDPR such as transparency, portability and right-to-be-forgotten. Packaged for rapid integration, the software solution comes with a turnkey IoT connectivity, secure storage vault, fine-grained consent management and comprehensive auditing capability that radically cut IT development costs and accelerate time-to-benefit while addressing most stringent data protection requirements.

About BGO

BGO designs and develops solutions that help and support a number of governmental institutions, enterprises and IT organizations globally and has considerable expertise, primarily in healthcare, pharmaceutical and the clinical research industry. The company facilitates the work of, researchers, clinicians, CROs, biotechnology experts, trial managers, trial investigators, coordinators and other industry administrative professionals. BGO Software is an official Microsoft Gold Partner, Specialized supplier for manufacturing of IT of Hoffmann-La Roche and Genentech, Official Government Supplier for the Health Research Authority of the Department of Health in the United Kingdom &  Progress Premier Partner.

The post Pryv and BGO launch privacy-centric eCRF solution allowing to capture patient’s RWD and Informed Consent appeared first on Pryv.

“High BloodPressure is a silent killer, it doesn’t hurt and  you do not feel it, until it is too late” says Dr. Thomas Guggi, Project and Technical Lead at Riva Digital.

At Pryv, we are honoured to support Riva Digital initiative at its mission to increase the health literacy of the Swiss society by providing a solid data management foundation to enable data collection, structure, storage and sharing.

The oBPM app is collaboratively developed by Pryv, CSEM, Altran within digitalswitzerland initiative.

The post Pryv, Altran and CSEM introduces Riva Digital oBPM Blood Pressure Monitoring app appeared first on Pryv.

The collaboration includes the development of an innovative clinical data management solution providing a comprehensive picture of each patient’s journey – one which combines patient reported outcome (PRO) data with clinical records collected by healthcare professionals. The platform is designed to meet the unique needs of the investigational research as well as the post approval market, including phase IV studies, registries and online medical communities.

“Patient relevant outcome measures are a proven necessity to assess the efficiency, effectiveness and personalization of clinical trials” said Samir Mechati, CEO at RodanoTech “It supplements existing clinical data, increases treatment adherence and provides important insight about how patients are doing between medical visits”.

The patient data set is expanding from the high-quality information collected in the clinical protocol to the more private data collated from wearables, mobile apps and in-home clinical devices. By streamlining the collection and integration of this dataset, the joint Pryv/RodanoTech solution ensures a real-time connection with the patient health – capturing insightful data measured and influenced outside the four walls of the clinical setting.

“Real time, real world data that can be captured in patients’ daily lives is a powerful tool to optimise clinical research” said Pierre-Mikael Legris CEO at Pryv “Our platform will not only capture patient data but will also give participants a view on their own trial dataset, sending a strong message of transparency and inclusivity which can turn them truly engaged”.

Patient consent is a critical process that has historically been highly inefficient and prone to error. The joint Pryv/RodanoTech platform optimises that additional level of security between participants and clinical trial sites. Its greatest value comes from its dynamic, fine-grained consent and re-consent capability which gives patients the trust, transparency and control they require from clinical trials. The platform logs all authorizations, including the ‘contract’ between the patient and the investigator, for compliance oversight as mandated by GCP guidelines and privacy regulations.

RodanoTech and Pryv offer tailored solutions to conduct projects of any size, from small Phase I studies to large scale trials involving sophisticated designs and long-term follow-up across clinical settings and geographies. Our Academic offer begins with a “get started” costing for proof of principles and goes to a premium packaged solution for large scale clinical trials.

Contact us to discover the power of a tailor-made platform combining clinical and patient health data and supported by leading experts with extensive experience in clinical development.

About Pryv
Pryv helps organisations manage personal data from creation, to use and sharing as well as address the enhanced data subject rights under GDPR such as transparency, portability and right-to-be-forgotten. Packaged for rapid integration, the software solution comes with a turnkey IoT connectivity, secure storage vault, fine-grained consent management and comprehensive auditing capability that radically cut IT development costs and accelerate time-to-benefit while addressing most stringent data protection requirements.

About RodanoTech
RodanoTech is specialised in clinical data management services and electronic data capture solutions for industry and academic projects. The RODANO platform is the underlying proprietary technology that powers all RodanoTech solutions. RODANO is based on the most recent technical standards to streamline all aspects of the study conduct and complies with the latest recommendations regarding the use of computerized systems in clinical investigations (21 CFR Part 11). The platform can scale and adjust to accommodate clinical trial complexities through systematic automation of repeatable processes while providing appropriate hooks to new data collection methods.

The post Pryv and RodanoTech team up to optimise clinical research/trials with patient generated health data appeared first on Pryv.

This new partnership is set to benefit customers in Japan, Thailand and the Philippines with an IoT platform-as-a-service offering meeting the highest levels of data safety, privacy and user empowerment. Both companies share vision that privacy is not an obstacle to business innovation but a competitive advantage when implemented correctly. This partnership will broaden the availability of Pryv.io to customers in Asia Pacific and enhance the way they cope with sensitive data collection and utilization.

In a second phase, both companies intend to extend collaboration to Europe.

“Our partnership with Pryv aligns with our strategy to deliver best-of-breed IoT solutions that increase customer efficiency, productivity and quality of service” said Michiaki Satate, CEO at Interpolation. “Along our extensive experience in IoT and End-to-end solutions, we capitalize on Pryv’s expertise in data protection to design solutions that make the most of IoT connectivity while addressing markets’ strict regulation compliance, interoperability needs, and privacy concerns”

Businesses on the leading edge of data collection and usage are realizing that they will not be able to continue their existing business model without protecting consumers’ privacy. As data privacy increases in importance in Asia, Interpolation saw an opportunity to partner with one of the most rigorous privacy & data protection solution provider to deploy a platform where connectivity, secure personal data storage, consent management and compliance software is combined to offer businesses a comprehensive managed privacy service that improve transparency and user control regarding data privacy.

“We are pleased to welcome Interpolation to our partner network,” said Pierre-Mikael Legris, CEO at Pryv “The partnership capitalizes on the unique strengths of each entity; Pryv brings the power of its rigorous Privacy software capability to one of the most established and well respected IoT technology solutions providers in Asia Pacific; Intepolation complements this by bringing the benefits of its expert services and long-term relationships with customers in Asia to Pryv.”

In its initial phase, the partnership will address the privacy and IoT connectivity imperatives in Industrial and healthcare sectors where service providers are looking at keeping up with evolving regulations and protecting data privacy.

=====

Pryv is an independent software vendor, originating from the Swiss Federal institute of technology in Lausanne (EPFL), an environment well known for its ability to create thriving innovations and deliver on the Swiss values of quality, precision and reliability. The company helps organizations manage personal data from creation, to use, to sharing and enhanced rights such as transparency, portability and right-to-be-forgotten. Packaged for rapid integration, the software solution comes with turnkey IoT connectivity, secure storage vault, encryption protocols, fine-grained consent management and comprehensive auditing capability that radically cut IT development costs and accelerate time-to-benefit while addressing most stringent data protection requirements.

Contact: https://github.com/pryv

Interpolation’s corporate mission is to develop IIoT Solutions (Industrial Internet of Things Solutions) dedicated to infrastructures across the Globe with advanced IoT technologies. Interpolation’s Platform-as-a-Service enables Users to Manage Network/Sensor on various communication protocols, Visualize and Manage Storage in a single interface.

Visit NOCXX website or Interpolation website. 

Contact Europe: jlerrant@inter-polation.com

The post Pryv and Interpolation join forces to deliver a unique Privacy-as-a-Service offering to Asian Markets appeared first on Pryv.

Lausanne, June 26th, 2018 — Pryv, the leading provider of privacy and personal data management software, today announced a partnership with Net4all which will give Swiss startups and SMEs access to a secure, compliant and fully managed cloud hosting solution for Pryv.io. This partnership will ensure that sensitive personal data is duly managed thru its lifecycle and kept completely secure under the stringent standards of the Swiss LDP and GDPR legislation. Net4All, one of the top hosting providers in Switzerland, is specialized in Web Hosting, Managed Services and Cyber Security for information systems and digital platforms. The company is ISO 27001 compliant.

“With Pryv.io on a managed cloud, customers get up and running quickly, with enterprise class operational support and proactive monitoring” says Anthony Gerard, CEO at Net4all.

“This way, in-house SME teams can focus on innovation and getting out to market quickly while Pryv and Net4all deliver core privacy functionalities as a service”

Managing privacy can be a costly capital expense that requires skilled resources to operate and maintain business applications in a secure and reliable manner. By hosting Pryv.io within Net4all world-class data centers and leveraging their expert management services, startups and SMEs gets the best of both worlds – rigorous privacy preserving capability at reduced operational costs, greater performance and reliability.

“Today, we are seeing more than three-quarters of startup customers ask about managed cloud hosting” says Pierre-Mikael Legris, CEO at Pryv. “As that deployment model becomes the norm, we are now ready to enable our customers to move to the cloud with confidence, fast, and leveraging the highest standards of reliability, security, and scalability.”

Through this trusted partnership, hosted customers receive the following benefits:

• A secure hosted environment that best suits their needs, with 24/7/365 support
• Full ownership of the data and retention of the software rights
• Custom tailored backup and data retention policy
• Ability to customize their application and still remain in the cloud
• Receive software updates and services packs at no additional charge.  

Net4all and Pryv will offer four managed hosting packages with varied levels of support, beginning from a “get started” offering for POCs to a premium Platinum Package for large scale, mission critical environments. The Pryv and Net4all team will sit down with you for consultation to assess your needs and the level of support needed.  

The post Pryv partners with Net4all to launch a managed hosting solution for privacy and personal data management appeared first on Pryv.

Lausanne, June. 15, 2018 — Pryv, the leading provider of privacy and personal data management software, announces that it has signed a partnership agreement with Altran, the leader in Engineering and R&D services empowering the next generation of healthcare evolution.

This partnership puts the patients at the heart of MedTech innovation and protects their privacy complying the most stringent data regulations with Altran acting as an end-to-end R&D engineering partner developing smart, patient-centric and compliant medical devices. Pryv brings trust, transparency and control over the use of sensitive medical data.

“Medtech companies operate in one of world’s most regulated environments, and scrutiny and complexity are only increasing” says Andreas Kuhn, CTO at Altran Switzerland. “Pryv extends our regulatory expertise with a rigorous data protection capability that accelerate time to compliance and enable privacy-preserving design from the outset of product development”

Altran and Pryv teamed up to enable Riva Digital, a Swiss eHealth initiative tackling the problem of hypertension in Switzerland.

The initiative encourages citizens to maintain healthy lifestyle behaviors and instantly keep tab on their blood pressure level right from their smartphone.

The medical-grade monitoring app builds on a breakthrough optical blood pressure monitoring method from the Swiss Center for Electronics and Microtechnology (CSEM), App development and integration from Altran and rigorous privacy and personal data management capability from Pryv. 

Riva digital bets that one year from now 100,000 people will have demonstrably lowered their blood pressure.

Pryv helps organisations manage personal data from creation, to use, to sharing and enhanced rights such as portability and right-to-be-forgotten. Packaged for rapid integration, the software solution comes with a secure storage vault, encryption protocols, fine-grained consent management and comprehensive auditing capability that radically cut IT development costs and accelerate time-to-benefit while addressing most stringent data protection requirements.

Altran ranks as the undisputed global leader in Engineering and R&D services (ER&D), following its acquisition of Aricent. The company offers clients an unmatched value proposition to address their transformation and innovation needs. Altran works alongside its clients, from initial concept through industrialization, to invent the products and services of tomorrow. For over 30 years, the company has provided expertise in aerospace, automotive, defense, energy, finance, life sciences, railway and telecommunications The Altran Group generated revenues of €2.9 billion in 2017, with some 45,000 employees in more than 30 countries.

The post Altran Switzerland and Pryv join forces to give Life sciences customers a GDPR-proof path to connected health applications appeared first on Pryv.

Pryv.io helps organizations manage personal and health data from creation, to storage, use and sharing.

Our software comes with:

• A secure storage vault
• Dynamic consent management
• Complete auditing capability

We:

• manage personal data from creation, to use, to sharing, archival and deletion.
• enable response to current and forthcoming privacy and data protection regulations
• accelerate time to market and reduce development cost of innovation

So customer can:

• stay focused on their core business and innovation course
• create value on top of a solid foundation of privacy and data protection
• turn compliance investments into a differentiating advantage.

The post Meet pryv.io, win with privacy and ensure GDPR compliance. appeared first on Pryv.

Positioning itself as the next industry standard for personal and real-world data standard, Pryv is looking forward to participating in the Pistoia Alliance Community to promote collaboration as many organisations would benefit significantly from industry-wide pre-competitive collaboration.

Still, one of the biggest challenges the industry has, is transforming the growing number of collected data sets into meaningful insights via developing and implementing machine and deep learning systems.

Pryv addresses this challenge by providing the industry with a technology solution that enables data collection and standardization, storage and distribution, while allowing different and multi-algorithms to be used to identify patterns and outcomes.

Used as a foundation of R&D products development, Pryv eHealth Middleware technology ensures fast access to data and its compliant usage cross-borders. Easy access to acquiring real-world data, designing real-world data platforms and delivering real-world evidence, while ensuring the data is managed properly: preserving data privacy and security first is the promise Pryv brings to the wider Life Science community.

Benefiting from the ready-to-be used Middleware solution of Pryv, Pharmaceutical and Life Science companies can focus now primarily on their research and deliver real benefits to patients while being sure the data management is done right under their control.

The blockchain technology Pryv developed, and implemented in its Middleware is used to validate data set genuineness through its full life-cycle and provide a data trail audit, while the unique data ontology allows for granular data distribution to each stakeholder respecting Ethical, Legal and Clinical Data Requirements.

About Pryv

Pryv is an independent Swiss SME founded in 2012 with the mission to promote, develop and implement Health IT patient-centric solutions across the healthcare industry.Pryv developed and sell licenses of a trusted Swiss-made and validated eHealth Data Middleware to empower Pharmas, Hospitals/ Clinics, Medtech, Digital Health, Insurances to build compliant, innovative and scalable data-driven eHealth products with confidence, reduced time and IT expenses while respecting complex Data Privacy Regulations.

About The Pistoia Alliance:

The Pistoia Alliance is a global, not-for-profit members’ organisation made up of life science companies, technology and service providers, publishers, and academic groups working to lower barriers to innovation in life science and healthcare R&D. It was conceived in 2007 and incorporated in 2009 by representatives of AstraZeneca, GSK, Novartis and Pfizer who met at a conference in Pistoia, Italy. Its projects transform R&D through pre-competitive collaboration. It overcomes common R&D obstacles by identifying the root causes, developing standards and best practices, sharing pre-competitive data and knowledge, and implementing technology pilots. There are currently over 80 member companies; members collaborate on projects that generate significant value for the worldwide life sciences R&D community, using the Pistoia Alliance’s proven framework for open innovation.

The post Pryv joins The Pistoia Alliance to lower the barriers of adopting innovation in life sciences research and development appeared first on Pryv.