Data is becoming more valuable every year. Companies use it to optimize current processes and create new business models. However, using it under the law is not so easy. SPBILF 9 ¾ (the St. Petersburg International Legal Forum) featured discussions on how the free circulation of depersonalized data will help businesses and what to do with the rights of citizens.
At the beginning of the discussion, Tatyana Matveeva, Head of the Office of the President of the Russian Federation for the Application of Information Technologies and the Development of Electronic Democracy, said that the process of creating a legal framework to handle data about individuals has already been launched in Russia. In particular, a bill on the regulation of depersonalized data is being discussed, and a federal project called “Artificial Intelligence” has been launched, in which the work with data will be regulated by experimental legal regimes.
“In addition to regulation from the government, I think it would be critical to develop industry standards and codes. This would benefit both the internal digital culture of the companies that work with personal data and public confidence in the processing of depersonalized data. It would also allow the Russian business community to position itself quite favorably on the international arena,” explained the expert.
The topic of codes of ethics was continued by session moderator Anna Serebryanikova, President of the Big Data Association. She stressed that ethical documents in the field of technology are a Russian novelty, as so far, it is only in Russia that large businesses have agreed and teamed up to work out unified standards and norms in the field of personal data processing.
Milosh Wagner, Deputy Head of the Federal Service for Supervision of Communications, Information Technology and Mass Media, said that the problem of data depersonalization as such is acute today because, with some mathematical processing, personal information can be personalized again.
“Today, the depersonalization that we have done with data leads to a certain degree of remoteness, and tomorrow, there emerge new technologies that bring this data much closer to the person, and re-identification can be performed in two clicks. That is, we have to provide some regularity in revising the way depersonalization is applied,” said the expert.
Ruslan Ibragimov, Vice-President for Government Relations and Public Affairs at PAO MTS, highlighted another problem related to personal information. According to the expert, serious difficulties are now caused by the difference in approaches to the term “depersonalized/personal data” itself.
“The reason for this difference is that the state and authorities do not distinguish between personal data and depersonalized data. And if we agree with this, the logic of the state is clear: personal data is protected, its turnover is prohibited, and hence the urge to tighten the turnover — which is what we observe in practice. But if we understand depersonalization as the separation of data from the individual and as an independent object, then there is no problem: this data could well be put into circulation. It seems to me that we must define this concept for good at the level of legislation. Once we reach a consensus on this, all other issues will be solved more or less automatically,” the speaker explained.
Irina Levova, Director of Strategic Projects at the Institute of Internet Studies, told about how Russian companies can evaluate the effectiveness of data depersonalization and presented an experimental approach that business players could use in their practice.
“We have studied the experience of 11 countries. The examples of Singapore, Great Britain, and the European Union seemed the most revealing to us. These countries have adopted a risk-based approach to dealing with depersonalized data, and the assessment, as recommended by regulatory agencies, is performed by companies themselves. If necessary, consultations are held on how much risk of depersonalization is involved and whether the database can be transferred to a third party. We think it would be good to look at the existing experience, add something new to it, and adopt this [integrated] approach in Russia,” said Irina Levova.
The session was also attended by Alexander Bogdanov, Professor of the Department of Fundamental Informatics and Distributed Systems of St. Petersburg State University, Anna Popova, Vice-President of PAO SberBank, and Dmitry Ter-Stepanov, Deputy General Director of ANO Digital Economy.