The management of personal data, a gold mining process
![Image Cybermalveillance.gouv.fr étend [« SensCyber »], son dispositif de e-sensibilisation](https://incyber.org//wp-content/uploads/2024/03/incyber-news-people-connexion-885x690.jpg)
![Image [IA, 6G, identité numérique :] États-Unis et UE poursuivent leur coopération](https://incyber.org//wp-content/uploads/2024/01/incyber-news-cybersecurite-cybersecurity-partenerariat-partnership-885x690.jpg)
![Image [PhilosoFIC :] les algorithmes génératifs, fossoyeurs ou accélérateurs de l’intelligence humaine ?](https://incyber.org//wp-content/uploads/2024/03/incyber-news-cybersecurity-persona-885x690.jpg)
The problematic use of personal data is an inevitable correlation of all digital technology.
Isolated personal data is not very significant; but the situation is quite different when they link up with a mass of other data and are thus able to accurately outline the personal life of an individual to create a digital clone. This use of these digital clones as a commercial tool is lawful as long as the prototype, or the individual, has acknowledged and consented to the use of his or her clone.
It should be noted that the commercialization of the digital body does not conflict with the taboo of the non-commerciability of the human body- as stated in the Civil Code; though, its use could be prejudicial for the individual. But the immaterial clone in the hands of commercial actors had little interest for the individual who incidentally and regularly ignored its existence. It has recently become a public concern due to the combination of a continued legislative effort and damaging events that are widely discussed.
With the current European regulatory project being discussed, the legislator hopes to organize henceforth a framework that is ever more demanding and that also makes the public more aware of the collection and use of personal data so as to prevent the unfair, abusive or discriminatory portrayal of the individual by whichever actor. Beyond the reinforcement of prescriptive sanctions, dreaded by the market as they strain companies, this is a mechanical process that implements and strengthens accountability measures. The center of gravity of the data processing responsibility is becoming internalized. Yet the degree of responsibility handled by the “head of processing” bound to the ethical function of the concerned company and to the desired return of investments. What is meant by responsibility is risk management (not just cyber) and the corresponding allocation of resources. What is meant by investment return is the measure and optimization of productivity. And what is meant by ethical are the culture and values of the company, inevitably different from one company to another.
A company can no longer avoid the risk management process that concerns it; whatever may be the ethical vision of personal data management, the degree of acculturation of a management problematic, the number of available resources to be managed, or the investment return that can be attained. It is faced today with an unavoidably quick transition towards an optimal management of these variables. In order for the management of personal data to be a non paralyzing factor and a source of wealth, it must be integrated systematically throughout the company in a coordinated and agile manner. A great amount of energy, skill and organization still prove to be indispensable to turn lead into gold.
PriV’impact
Anne-Sophie Schumacher (Lawyer, Founder Juris Values)
Eric Charikane (Founder,Director , PIAwatch)
Hadi El Khoury (Founder,Director, Sekimia)
Diane Rambaldini (Founder, Crossing Skills)