VGS corporate lawyers
London

+44 2039665531

Milan

+39 0250043613

  • Home
  • Who we are
  • Practice Areas
    • Company law
      • Setting up a company in Italy
      • Corporate governance
      • Bankruptcy
    • Debt Recovery & Credit Collection
    • Arbitration and Mediation
    • Contracts
      • Acquisition Finance
    • White collar crimes
    • Data protection and GDPR
    • Professional Negligence
      • Medical Malpractice
  • People
    • Avv. Valentina Giarrusso
    • Avv. Flavia Di Pilla
    • Avv. Silvia Pellegrini
    • Avv. Giuseppe Ganci
    • Avv. Valentina Improta
    • Dr. Fabrizio Di Patti
    • Avv. Salvatore Fasciana
    • Dr. Yasine Ajlane
  • News & Blog

Anonymisation versus Deidentification: Information Technology techniques

  • by VGS' Editorial Board
  • 19 June 2019
  • Comments (0)

Recital 26 of the General Data Protection Regulation states that data protection principles shall not apply to anonymous information. In particular, anonymous information is not related to an identified or identifiable natural person in such a manner that data subject is not or no longer identifiable. Contrarily, the same recital confirms the application of data protection principles to anonymised information. In fact, pseudonymised personal data might be attributed to a natural person by the use of additional information. Subsequently, pseudonymised data is considered information on an identifiable person. The aforementioned technical measures constitute a relevant aspect for both data controllers and processors. In fact, adequate measures that provide a certain degree of anonymisation or pseudonomysation are considered paramount in relation to the accountability principle. These processes might be described as:

  1. Processing of data into a form which does not identify individuals and where further identification is not likely to take place (Anonymisation);
  2. Processing of personal data in a form that personal information can no longer be attributed to a specific data subject without the use of additional information (Pseudonomysation).

  However, not everyone believes that anonymisation process is possible. In fact, the illusory nature of anonymisation procedures has been argued several times. In particular, anonymisation is an illusion because of the existence of many datasets to cross-reference. Then, any set of data combined with a non-trivial information on some data subject is likely to match identifiable public records. Furthermore, it has been argued that personal data can either be useful or perfectly anonymous; but never both. In addition, reidentification sciences are dismantling privacy policies by undermining trust we have placed in anonymisation. Moreover, a group of MIT scientists have demonstrated how easy and fast can be deanonymisation process. However, in such depicted scenario, we may find undertakings and database claiming full anonymisation of stored information or of their technical services. Those datasets are deidentified rather than anonymised; names and other relevant identifiers are cancelled while the rest of data is untouched. Then, deidentification does not ensure anonymised data due to the vast amount of sources on the Internet that still have many identifying information in therm. In this context, differential privacy may constitute a crucial point for ensuring anonymisation services. Differential privacy technology is helpful to discover usage patterns of several data subjects without compromising privacy. Roughly, differential privacy is a digital constraint on the algorithms involved in the publishing of aggregate information about a database that limits the privacy impact on data subjects whose information are included in the database. Deidentification is still a useful data minimisation technique. Data processing may require deidentification rather than anonymisation due to certain necessities. For instance, deidentification is useful in long-term datasets where you need to keep track of where – what user and/or device – certain data come from. For further information please contact us or leave your contact details in the Contact Form and you will be contacted within 24 hours.

  • Data Protection
  • GDPR
  • Share:
Previous Article: Payment of company directors
Next Article The non-competition agreement

Practice Areas

  • Company law
    • Bankruptcy
  • Debt Recovery & Credit Collection
  • Arbitration and Mediation
  • Contracts
    • Acquisition Finance
  • White collar crimes
  • Data protection and GDPR
  • Professional Negligence
    • Medical Malpractice

Free Consultation

    Tags

    ADR Airbnb Arbitration Auditing Brexit Company Law Company Shares Consent Contracts Cookies Copyright Coronavirus Data DataProcessing Data Protection DPO European Union Eviction Free Title GDPR HealtData HouseHold Agreements Italian Bankruptcy Law Italian Business Italian Company Law Italian Corporate Law Italian Criminal Law Italian Debt Recovery Italian Entry Visa Italian Incorporation Italian Intellectual Property Law Italian Legal Advice Italian Privacy Italian Tax Legal guide MedialTreatment Mediation Partnership Patient Personal Data Privacy Processing Research Warranty White Collar Crimes

    Social Links

    • Facebook
    • Instagram
    • LinkedIn

    See also:

    VGS Lawyers

    VGS - Family Lawyers

    © Copyright 2022 | VGS Corporate Lawyers | All right reserved.