Effective anonymisation techniques provide a privacy-friendly alternative to sharing personal data. Organisations must, however, be reasonably confident that disclosing or sharing apparently anonymous information will not lead to the inappropriate disclosure of personal data, for example through ‘re-identification’.
With this in mind, the ICO is calling for views on the first draft chapter of its new guidance on anonymisation, pseudonymisation and privacy enhancing technologies. The chapter is an introduction to anonymisation and provides definitions of anonymisation and pseudonymisation. It explores the legal, policy and governance issues around the application of anonymisation and pseudonymisation in the context of data protection law.
The guidance will be useful for organisations considering anonymising otherwise personal information, helping them to assess and mitigate the risks that may arise. The guidance will be relevant, for example, where any entity is:
- required by law to publish anonymous information, e.g. some health service bodies;
- looking to use data in new and innovative ways, e.g. to improve services or collect large volumes of data to train AI models; or
- looking to provide anonymous information for research purposes, or to enable wider social benefits.
Anonymous information is the end result of a process that converts personal data, which identifies an individual, to information that data protection legislation no longer applies to. Anonymisation is the way in which personal data is turned into anonymous information.
Data protection law requires that information is ‘effectively anonymised’ before it can be processed outside the reach of data protection law. This requirement does not mean that anonymisation must be entirely without risk; it is enough that the entity handling the data can mitigate the risk of re-identification until it is sufficiently remote.
The draft chapter provides guidance on the benefits of anonymisation, noting that anonymisation is important as it limits data protection risks and supports the principle of data minimisation. Ultimately, it allows for disclosure of information to other organisations and use of anonymised information more freely as fewer legal restrictions apply.
Anonymisation v pseudonymisation
The draft chapter also outlines the way in which pseudonymisation differs from anonymisation. Pseudonymisation is a technique that replaces or removes information which identifies an individual, for example by removing names and replacing them with a reference number. The additional information (the names) must be kept separately in a secure manner. This means that individuals are not identifiable from the pseudonymous dataset itself, but they can be identified by referring to the additional information held separately. In contrast to anonymous information, pseudonymous data is classed as personal data and data protection law is still applicable.
The ICO intends to publish further draft chapters on its new guidance for comment throughout the summer and autumn. The ICO is inviting feedback in order to develop the guidance further prior to its publication at the end of this year. Feedback can be provided until 28 November 2021 via firstname.lastname@example.org.
How can we help?
Our specialist Data Protection & Cyber Security team can assist you if you are considering sharing personal data or using privacy enhancing techniques such as anonymisation or pseudonymisation.
This article was co-written by Clare Tuohy, Trainee Solicitor.