The EU’s Article 29 Working Party has adopted an Opinion on Anonymisation Techniques (Opinion 05/2014). The Opinion analyses the effectiveness and limits of existing anonymisation techniques, and provides recommendations for use of these techniques in light of the residual risk of identification inherent in each of them.
The Data Protection Directive (95/46/EC) recognises that when data is anonymised it falls outside the scope of data protection law. However the Directive does not clarify how data should be anonymised so as to make a person no longer identifiable.
The Opinion notes that anonymity is interpreted differently across the EU, and differences exist in what is considered as an acceptable level for the risk of re-identification. It discusses the two main anonymisation techniques, namely randomisation and generalization. It considers the strengths and weaknesses of each technique based on three criteria: (i) Is it still possible to single out an individual? (ii) Is it still possible to link records relating to an individual? And (iii) Can information be inferred concerning an individual?
It also looks at pseudonymisation, noting that it is not a method of anonymisation, but rather reduces the linkability of a dataset with the original identity of a data subject, and is accordingly a useful security measure.
The Opinion warns that an anonymised dataset can still present residual risks to data subjects. Therefore anonymisation should not be regarded as a one-off exercise, and data controllers should frequently reassess the attending risks.