Definition

The California Consumer Privacy Act, a US state privacy law granting California residents rights over their personal information, including the right to know what data is collected, the right to delete it, the right to opt out of its sale, and the right to non-discrimination for exercising these rights. As amended by the CPRA (2023), CCPA closely mirrors certain GDPR provisions and has influenced privacy legislation in other US states.

Complementary Terms

Concepts that frequently appear alongside CCPA in practice.

Third-Party Data

Data collected by entities that do not have a direct relationship with the individuals whose data is being gathered, typically aggregated from multiple sources and sold to other organisations for marketing, analytics, or enrichment purposes. The value and availability of third-party data have declined sharply due to privacy regulations (GDPR, CCPA), browser restrictions on third-party cookies, and growing consumer demand for data transparency.

First-Party Data

Data collected directly by an organisation from its own customers, users, or audience through owned channels such as websites, apps, CRM systems, transactions, and surveys. First-party data is considered the most valuable data category because it is collected with consent, is unique to the organisation, and provides direct insight into customer behaviour and preferences.

GDPR

The General Data Protection Regulation (EU 2016/679), a comprehensive data protection law that governs the collection, processing, and storage of personal data of individuals within the European Economic Area. GDPR imposes strict requirements on data controllers and processors, including lawful basis for processing, data minimisation, breach notification within 72 hours, and fines of up to 4% of global annual turnover for non-compliance.

Data Protection Impact Assessment

A structured process required under GDPR Article 35 to identify, assess, and mitigate privacy risks arising from data processing activities that are likely to result in high risk to individuals. DPIAs are mandatory before deploying new technologies, large-scale profiling, or processing sensitive personal data, and must document the necessity, proportionality, and safeguards of the proposed processing.

PPSA Registration

The filing of a security interest under a Personal Property Securities Act, which is the legal framework governing secured transactions over personal property (including intangible assets) in jurisdictions such as Australia, New Zealand, and Canadian provinces. PPSA registration perfects the security interest, establishes priority against competing claims, and provides public notice of the encumbrance.

Data Clean Room

A secure, privacy-preserving technology environment that enables multiple parties to combine and analyse their datasets without any party gaining access to another's raw data. Data clean rooms use cryptographic techniques, aggregation rules, and access controls to enable collaborative analytics while maintaining data privacy compliance.

Data Sovereignty

The principle that data is subject to the laws and governance structures of the country in which it is collected or stored. Data sovereignty requirements affect cloud computing architecture, cross-border data transfers, and vendor selection, particularly in light of GDPR restrictions on transfers to countries without adequate data protection standards.

Open Banking

A regulatory and technological framework that enables third-party financial service providers to access consumer banking data through secure APIs, with the customer's explicit consent. In the UK, open banking was mandated by the CMA's Open Banking Remedy (2018) and is governed by the Open Banking Implementation Entity.
