https://edps.europa.eu/system/files/2021-04/21-04-27_aepd-edps_anonymisation_en_5.pdf
- Misunderstandings:
- “Pseudonymisation is the same as anonymisation”
- Fact: Pseudonymisation is not the same as anonymisation
- “Encryption is anonymisation”
- Fact: Encryption is not an anonymisation technique, but it can be a powerful pseudonymisation tool.
- “Anonymisation of data is always possible”
- Fact: It is not always possible to lower the re-identification risk below a previously defined threshold whilst retaining a useful dataset for a specific processing.
- citing: Rocher, L., Hendrickx, J. M., & De Montjoye, Y. A. (2019). Estimating the success of re-identifications in incomplete datasets using generative models. Nature communications,
10(1), 1-9, https://doi.org/10.1038/s41467-019-10933-3
- citing: Rocher, L., Hendrickx, J. M., & De Montjoye, Y. A. (2019). Estimating the success of re-identifications in incomplete datasets using generative models. Nature communications,
- Fact: It is not always possible to lower the re-identification risk below a previously defined threshold whilst retaining a useful dataset for a specific processing.
- “Anonymisation is forever”
- Fact: There is a risk that some anonymisation processes could be reverted in the future. Circumstances might change over time and new technical developments and the availability of additional information might compromise previous anonymisation processes.
- “Anonymisation always reduces the probability of re-identification of a dataset to zero”
- Fact: The anonymisation process and the way it is implemented will have a direct influence on the likelihood of re-identification risks.
- citing: External guidance on the implementation of the European Medicines Agency policy on the publication of clinical data for medicinal products for human use (2016) https://www.ema.europa.eu/en/documents/regulatory-procedural-guideline/external-guidance-implementation-european-medicinesagency-policy-publication-clinical-data_en-0.pdf
- Fact: The anonymisation process and the way it is implemented will have a direct influence on the likelihood of re-identification risks.
- “Anonymisation is a binary concept that cannot be measured”
- Fact: It is possible to analyse and measure the degree of anonymization.
- Step 4: Measure the data risk. De-identification Guidelines for Structured Data, Information and Privacy Commissioner of Ontario June 2016. https://www.ipc.on.ca/wp-content/uploads/2016/08/Deidentification-Guidelines-forStructured-Data.pdf
- Fact: It is possible to analyse and measure the degree of anonymization.
- “Anonymisation can be fully automated”
- Fact: Automated tools can be used during the anonymisation process, however, given the importance of the context in the overall process assessment, human expert intervention is needed.
- “Anonymisation makes the data useless”
- Fact: A proper anonymisation process keeps the data functional for a given purpose.
- “Following an anonymisation process that others used successfully will lead our organisation to equivalent results”
- Fact: Anonymisation processes need to be tailored to the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons.
- “There is no risk and no interest in finding out to whom this data refers to“
- Fact: Personal data has a value in itself, for the individuals themselves and for third parties. Re-identification of an individual could have a serious impact for his rights and freedoms.