[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[DFRI-listan] Anonymous or pseudonymised data in the proposed general data protection regulation

Bra grejjer från Holland: http://staff.science.uva.nl/~noordend/publications/DPR-GvN-final.pdf

Alldeles färskt: Guido van't Noordende, Informatics Institute, University of Amsterdam, April 30, 2013


Summary of main points

− Definitions of anonymous or pseudonymous data are unnecessary if a good definition of personal data exists. Currently proposed definitions of anonymous and pseudonymous data focus narrowly on removing directly identifiable features from microdata, thus ignoring significant risks of re-identifyability of the remaining data.

− Current Article 83 creates an exemption from DPR rules that allows usage of data for “historic, statistical, and scientific research” even if identifiable, without consent. This is too lenient, particularly given the broad application of Article 83 within the DPR.

− Medical information looses its special protection in the DPR (compared to 95/46/EC) under the original definition of Article 81 in the commission's proposal. A consent requirement should be included in Article 81(2). Also, Article 83 should not permit for processing of special categories of information for historical, statistical and scientific research without explicit consent.

− Re-identification mechanisms have been described for years, and it has been shown that combination of “anonymised” (or pseudonymised) data with other (background) information is straightforward. If due to new DPR regulations more and more “anonymised” micro-information becomes available, this problem is exacerbated, as re-identifcation and/or linkage of this information with other information becomes even more straightforward.

− Pseudonymised information, due to its inherent property of linkability and longitudinal stability (i.e., being the same over time), may bring additional risks compared to using anonymous data. Pseudonymization is usable as a tool for securing information during processing, but should not be used as a means to escape DPR rules such as accountability and transparency.