Function as provided in January 2011
07/04/2011 – 30/04/2013
Am Köllnischen Park 1
PseudoDat supports the principle of data minimisation: the address data of the address broker and the buyer are not exchanged and matched in clear text, but only after pseudonymisation by means of irreversible encryption.
Address brokers and buyers must ensure that each particular matching process and trading of address data is backed by a proper legal basis.
The PseudoDat service is used by organisations in advance of an acquisition of address data. Common practice today is that the address data of address brokers and buyers are exchanged in clear text in order to identify duplicates. This matching serves to assess the value of the address data that are to be acquired.
PseudoDat offers an alternative to the exchange of clear text data: Prior to the matching, the two sets of address data are pseudonymised by means of irreversible encryption. For this purpose, buyer and address broker must install specific application software developed by m-privacy. The actual matching of the pseudonymised data takes place on the so-called PseudoDat Rendezvous server located at m-privacy’s premises.
In the course of a matching process, address broker, buyer and PseudoDat Rendezvous server need to establish connections to each other for the purpose of communication. Each communication is secured through a virtual private network (VPN).
For each particular matching process, address broker and buyer must exchange a pseudonymisation key that is generated by the PseudoDat application software. The key is encrypted with GnuPG before being sent from one party of the matching process to the other.
m-privacy informs its customers about privacy-relevant issues in conjunction with the use of the PseudoDat service by means of a particular information sheet. Notably, buyers and address brokers are advised of their legal obligation to ensure that each particular matching process and trading of address data is backed by a proper legal basis.
It is important to note that m-privacy does not act as data processor in the sense of Article 2(e) of Directive 95/46/EC in respect of the matching of data on the PseudoDat Rendezvous server. This results from the fact that pseudonymised address data do not qualify as personal data, since pseudonymisation is performed by means of irreversible encryption. However, buyer and address broker (who are in possession of their original clear text address data) are able to identify duplicates, since pseudonymised and clear text data sets are structured by means of reference numbers.
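The matching flow described above can be illustrated with the following added example, which is not m-privacy's code. It assumes HMAC-SHA256 as a stand-in for the unspecified "irreversible encryption", and the normalisation rules, record layout, reference numbers and function names are all hypothetical.

```python
import hashlib
import hmac
import secrets
import unicodedata

def normalise(record):
    """Canonical form so spelling variants of one address match (assumed rules)."""
    parts = (record["name"], record["street"], record["postcode"], record["city"])
    joined = "|".join(" ".join(p.split()) for p in parts)  # collapse whitespace
    return unicodedata.normalize("NFKC", joined).casefold().encode("utf-8")

def pseudonymise(records, key):
    """Run locally by each party: {reference number: keyed one-way pseudonym}."""
    return {ref: hmac.new(key, normalise(rec), hashlib.sha256).hexdigest()
            for ref, rec in records.items()}

def rendezvous_match(broker_pseudonyms, buyer_pseudonyms):
    """Run on the matching server, which holds neither the key nor clear text."""
    by_pseudonym = {}
    for ref, pseudonym in buyer_pseudonyms.items():
        by_pseudonym.setdefault(pseudonym, []).append(ref)
    # Only pairs of reference numbers leave the server.
    return sorted((broker_ref, buyer_ref)
                  for broker_ref, pseudonym in broker_pseudonyms.items()
                  for buyer_ref in by_pseudonym.get(pseudonym, []))

# Constructed sample records; none of this is real address data.
BROKER = {
    "B-001": {"name": "Erika Mustermann", "street": "Musterstraße 1",
              "postcode": "12345", "city": "Musterstadt"},
    "B-002": {"name": "Max Beispiel", "street": "Beispielweg 7",
              "postcode": "54321", "city": "Beispielstadt"},
}
BUYER = {
    "K-17": {"name": "ERIKA  MUSTERMANN", "street": "Musterstrasse 1",
             "postcode": "12345", "city": "Musterstadt"},
    "K-18": {"name": "Lena Probe", "street": "Probenallee 3",
             "postcode": "11111", "city": "Probedorf"},
}

def demo():
    key = secrets.token_bytes(32)  # per-matching key shared by the two parties
    return rendezvous_match(pseudonymise(BROKER, key), pseudonymise(BUYER, key))

if __name__ == "__main__":
    print(demo())
```

Each party maps the returned reference numbers back to its own clear text records. Because address data is guessable, the pseudonyms resist dictionary reconstruction only while the key stays with the two parties, which is why the example uses a keyed function rather than a plain hash.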
The Target of Evaluation (ToE) is the PseudoDat service consisting of the specific software for buyers and address brokers as well as of the PseudoDat Rendezvous server.
The ToE includes:
- PseudoDat Rendezvous server
- PseudoDat application software for address brokers, buyers and Rendezvous server
- Protection of communication by means of a virtual private network (VPN)
- Storage of public keys on the PseudoDat Rendezvous server
It does not include:
- Billing of services that are provided by use of the ToE
- Operating systems that are utilised for the operation of the application software
- Technical support provided by m-privacy