Pseudonymised and anonymised data
Pseudonymised personal data
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific person without the use of additional information. Such additional information must be kept carefully separate from personal data.
Pseudonymised data can still be used to single individuals out and combine their data from different records.
They are still personal data and their processing is subject to data protection regulations.
The encoding of personal data is an example of pseudonymisation. Encoded data cannot be connected to a specific individual without a code key. For the holder of the code key, however, decoding the records and identifying each data subject remains a simple task. Personal data can also be protected with false names. For example, a data item related to the individual can be replaced with another in a database. Pseudonymisation is a commonly employed method in research and statistics.
Anonymisation refers to the processing of personal data in a manner that makes it impossible to identify individuals from them. For example, the data can be rendered down to a general level (aggregated) or converted into statistics so that individuals can no longer be identified from them. The prevention of identification must be permanent and make it impossible for the controller or a third party to convert the data back into identifiable form with the information held by them.
Anonymisation must take into account all reasonably viable methods for converting the data back to an identifiable form. Factors such as the costs of identification, time required to identify the data subjects and available technologies must be taken into consideration in the assessment of the possibility of identification. The controller must also prepare for the eventuality that the passage of time and advancement of technology could weaken the anonymisation.
Anonymised data are no longer considered to constitute personal data and are not subject to data protection regulations.
Whether an individual data item can be considered anonymous or not requires case-by-case evaluation. Individuals can be identified by data other than their names. Thus, simply deleting the names and other identifying data will not always render all data in a personal data file anonymous. The collected material can contain detailed information on individuals (e.g. rare diseases or a sufficient amount of different types of data) which makes them indirectly identifiable.
If a controller discloses parts of a data set from which all original, identifiable data items have not been deleted, the resulting material still contains personal data. The processing of such materials remains subject to data protection regulations.
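The following added example (not part of the original guidance) shows why coded data remain personal data: records stay linkable across data sets, the holder of the code key can reverse the coding, and a rare combination of remaining fields singles a person out even with names removed. HMAC-SHA-256 as the coding method, the function names and all sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records; every name and value is made up for this example.
CLINIC = [
    {"name": "Aino Virtanen", "birth_year": 1984, "postcode": "00100", "diagnosis": "asthma"},
    {"name": "Mikko Laine", "birth_year": 1984, "postcode": "00100", "diagnosis": "asthma"},
    {"name": "Sari Niemi", "birth_year": 1951, "postcode": "99800", "diagnosis": "rare disease X"},
]
PHARMACY = [
    {"name": "Sari Niemi", "purchase": "drug Y"},
    {"name": "Mikko Laine", "purchase": "inhaler"},
]

def pseudonym(name: str, code_key: bytes) -> str:
    """Keyed code replacing the name; code_key is the separately kept 'additional information'."""
    return hmac.new(code_key, name.encode("utf-8"), hashlib.sha256).hexdigest()[:16]

def pseudonymise(records, code_key):
    """Replace the name field with a pseudonym and keep every other field unchanged."""
    return [{"pid": pseudonym(r["name"], code_key),
             **{k: v for k, v in r.items() if k != "name"}} for r in records]

def link(a, b):
    """Combine records from two pseudonymised sets that carry the same pseudonym."""
    by_pid = {r["pid"]: r for r in b}
    return [{**r, **by_pid[r["pid"]]} for r in a if r["pid"] in by_pid]

def reidentify(pid, candidate_names, code_key):
    """What the code key holder can do: map a pseudonym back to a named person."""
    return next((n for n in candidate_names if pseudonym(n, code_key) == pid), None)

def singled_out(records, quasi_identifiers):
    """Records whose combination of quasi-identifier values is unique in the set."""
    keys = [tuple(r[q] for q in quasi_identifiers) for r in records]
    counts = Counter(keys)
    return [r for r, k in zip(records, keys) if counts[k] == 1]

if __name__ == "__main__":
    key = b"constructed-code-key"  # hypothetical; in practice stored apart from the data
    clinic, pharmacy = pseudonymise(CLINIC, key), pseudonymise(PHARMACY, key)
    for row in link(clinic, pharmacy):
        print("linked without names:", row)
    print("unique on birth_year+postcode:", singled_out(clinic, ["birth_year", "postcode"]))
```
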
What is personal data?
GDPR: articles 2, 4(1), 4(5); recitals 14, 15, 26, 27, 29, 30 (EUR-Lex)
Opinion 4/2007 on the concept of personal data (pdf)
Opinion 05/2014 on Anonymisation Techniques (pdf)