In this decision, the European Patent Office did not grant a patent on the concept of linking customer data with a key instead of personally identifiable information to improve privacy protection. Here are the practical takeaways of the decision T 1150/13 (Linking data/TRA) of 26.5.2020 of Technical Board of Appeal 3.5.01:
This European patent application generally relates to the protection of privacy of information.
The invention includes a “tier of a processing system configured to receive data”, wherein said tier may e.g. cover a marketing research company. The market research company compiles data about households for measuring the effectiveness of advertisements. The data is received from one or more data suppliers, including a digital television set-top-box (DTSB) that supplies clickstream data and other data relating to the household’s viewing habits.
The received data comprises a “first identifier”. This could be a customer account number used as an identifier of the household by the data supplier. In order to link data relating to the same household from different data suppliers, there is a “thesaurus” that does just that. The thesaurus seems to be generated by a third party entity (“list matcher”) that is trusted with personally identifiable information. The list matcher uses household addresses to link the account numbers (“first identifiers”) from different data suppliers and assigns a “key” (TRA_KEY) to each household. The key does not contain any PII.
The marketing research company obtains the thesaurus from the third party and uses it to link customer account numbers relating to the same household. Since neither the customer account numbers, nor the thesaurus, contains PII, privacy can be preserved.
Here is how the invention is defined in claim 1:
Claim 1 (sole request)A computer system for processing data, the system comprising:
a tier of a processing system configured to receive data from one or more data suppliers 136 comprising at least a content delivery source 104 located in a household 102 of a consumer, the received data comprising a first identifier associated with the household 102 assigned by the data supplier 136;
means 134 for generating a thesaurus 138 relating each first identifier associated with the household 102 to a second identifier comprising personally identifiable information associated with the same household 102, wherein the means 134 for generating a thesaurus 138 assigns a key to the second identifier; and
a module 132 configured to use the thesaurus 138 and the key to produce data associated with the household 102 without the second identifier associated with the household 102.
Is it technical?
The first-instance examining division considered that claim 1 contained a mix of technical and non-technical features. In fact, the core features of the invention summarized above were considered to be abstract, administrative steps devoid of technical character. As the avid reader will know, non-technical features do not enter the inventive-step analysis under the COMVIK approach.
The appellant argued that the invention saved bandwidth and improved data security. The bandwidth savings came from the use of a central authority for generating the link between data from different sources. Without it, the marketing research company would have to obtain and store many different customer IDs. But the board did not agree:
The Board, however, does not see that the invention provides any savings in bandwidth. Neither claim 1 nor the description defines the amount of data stored at and sent between the different entities. Indeed, bandwidth savings is not mentioned as an issue anywhere in the application. The data needs to be stored somewhere within the system, and although a central data store might have some benefits, it creates overhead as well.
In the Board’s view, the role of the central List matcher has to do with trust and not with storage/bandwidth. For some reason, the List matcher has access to PII, which allows it to generate the link between different customer accounts. This is an administrative rather than a technical issue.
Furthermore, the Board takes the view that the protection of privacy, by replacing PII (an address) with non-PII (a key) is not technical. It is an administrative scheme or a mental act.
Therefore, the board concluded that the invention merely amounts to the implementation of a non-technical method on a computer system. Claim 1 was found to lack an inventive step, and the appeal was dismissed.
You can read the whole decision here: T 1150/13 (Linking data/TRA)