Data Privacy at the Forefront of TONE Solutions

TONE Technology and Related Services Under Applicable GDPR & UK Data Protection Law

Author: Tom Webster

October 13, 2023

TONE commissioned Osborne Clark - the world's legal authority on data privacy, to evaluate TONE Technology with extreme prejudice, against the standards mandated by GDPR and UK Data Privacy laws.

Data is the raw ingredient for so many businesses, with the potential to unlock efficiency gains, power innovative business models, offer personalized, customer-centric services and create new revenue streams for commercial advantage.

However, data laws are in a state of evolution internationally, as technological change requires new responses to how data is used and privacy is protected. This shifting legal landscape can be a challenge for businesses and pose tricky regulatory and compliance issues across jurisdictions.

With the General Data Protection Regulation (GDPR), Europe has set out a clear regulatory approach in respect of personal data, increasing protection of individuals in the digital age and clarifying rules for companies and public bodies in the digital single market. Meanwhile, the European Commission has progressed with its proposed regulatory regime for artificial intelligence (AI) and aims to harmonize the laws in this area across the EU, including significant GDPR-style fines for non-compliance and a proposed tiered system to categorize different AI systems and risk.

There has been a market shift in using tech and data for environmental, social and corporate governance measures too – and the use of data can be intensive. There are rewards for businesses that can take advantage of emerging trends and the ever-growing number of nascent opportunities to make the most of their data, particularly when it comes to commercializing this resource compliantly.

TONE's patented technology utilizes tiny, engineered audio fragments called TONE-Tags® that, when layered into other marketing channels, can deliver PASSIVE, hyper-personalized, mobile engagement to consumers & fans - enabling seamless engagement, all while collecting tons of invaluable data.

Naturally, this form of mobile engagement needs to be evaluated against the ever-evolving data privacy regulations. As GDPR represents the most stringent and punitive laws, it only makes sense that TONE Technology, as well as their marketing statements and claims, be evaluated through this lens.

To see the full report from Osborne Clark, click here. In summary of Osborne Clark's findings:

• The use of TONE Technology does involve the processing of personal data (as defined under the GDPR).
• TONE is a processor (rather than a controller) of personal data (as such terms are defined and used under the GDPR) - which is unlikely to be commercially problematic.
• (Organizations) are lawfully entitled to use the TONE Technology in light of the requirement for user consent and TONE's proposed measures for obtaining consent would easily satisfy GDPR criteria.
• Although there is not an outright prohibition, GDPR does apply more complex rules only to the more specific activities of automated decision making and profiling. It is highly unlikely that TONE's activities would touch upon these more restricted activities.