What is Anonymisation?
Anonymisation means altering personal data in such a way that no one can identify to whom it belongs. It’s like erasing all names and addresses from a set of forms. This process removes or changes details like names, ID numbers, and locations, making the data “anonymous.”
It is important to note that the anonymisation process is not reversible.
Once the data has been anonymised, it is not possible to circle back and identify the individual. Anonymisation is a process that tries to find the right balance between reducing the re-identification risk and keeping the utility of a dataset for the envisaged purpose(s).
"Process by which personally identifiable information (PII) is irreversibly altered in such a way that a PII principal can no longer be identified directly or indirectly, either by the PII controller alone or in collaboration with any other party."
A robust anonymisation process aims to reduce the re-identification risk below a certain threshold. That threshold depends on several factors: the existing mitigation controls (none in the context of public disclosure), the impact on individuals’ privacy in the event of re-identification, and the motives and capacity of an attacker to re-identify the data.
The Challenge of Complete Anonymisation
Achieving total anonymisation is a challenge nowadays. With so much online information, someone could re-identify anonymous data by connecting different pieces of information.
For example, even if a user doesn’t have a name or a username, someone might guess who it is by connecting their location data with their latest interests.
Anonymisation and Data Protection
According to recital 26 of the GDPR, anonymous data is “information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable”.
There are many uses for processing personal data, including for further improvement and analysis. However, for such purposes, it is not necessary to keep identified or identifiable personal data.
Fully ‘anonymised’ data does not meet the criteria necessary to qualify as personal data and is therefore not subject to the same restrictions placed on the processing of personal data under the GDPR. However, it is challenging to achieve “full anonymisation”.
What is Pseudonymisation?
Data protection risks can be mitigated by pseudonymisation. In accordance with the EU’s personal data protection legislation, pseudonymisation is defined as the act of processing personal data so that it can no longer be attributed to a specific individual without further information.
Pseudonymisation is like giving data a disguise. It replaces personal details, like names, with something else – often a code or a random identifier. This means the data doesn’t directly reveal who it’s about but is not completely anonymous either.
How Does It Differ from Anonymisation?
Unlike anonymisation, pseudonymisation doesn’t erase all links to a person. Instead, it keeps a way to re-identify the data if needed, usually with additional information kept separately. It’s like Spiderman and Peter Parker. With the mask on, you can’t identify Peter, but you could if you removed it.
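The difference described above, as an added example that is not part of the original article: direct identifiers are replaced with a token derived from a keyed hash (HMAC, my choice of "code or random identifier"), the key being the additional information kept separately; whoever holds it can re-link a known person, whoever does not cannot. The anonymised version drops the identifiers and generalises the remaining fields so that no key can undo it, and a small group-size check shows why pseudonymised rows can still be singled out. All records are constructed.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records; these are not real people.
RECORDS = [
    {"name": "Alice Example", "email": "alice@example.org", "birth_year": 1987, "city": "Lyon", "spend": 42.0},
    {"name": "Bob Example", "email": "bob@example.org", "birth_year": 1983, "city": "Paris", "spend": 17.5},
    {"name": "Carol Example", "email": "carol@example.org", "birth_year": 1991, "city": "Lyon", "spend": 99.9},
    {"name": "Dan Example", "email": "dan@example.org", "birth_year": 1995, "city": "Nice", "spend": 5.0},
]
DIRECT_IDENTIFIERS = ("name", "email")


def pseudonym(email, key):
    """Stable token for one person: HMAC-SHA256 over the normalised e-mail.
    The key is the 'additional information' that must be stored apart from the data."""
    return hmac.new(key, email.strip().lower().encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records, key):
    """Replace the direct identifiers with the token; every other field is kept as-is."""
    return [{"pseudonym": pseudonym(r["email"], key),
             **{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}} for r in records]


def relink(pseudonymised, key, known_email):
    """Whoever holds the key (the mask) can find a known person's rows again."""
    token = pseudonym(known_email, key)
    return [r for r in pseudonymised if r["pseudonym"] == token]


def anonymise(records):
    """Irreversible: no identifier, no token, and quasi-identifiers generalised
    (birth year to decade, spend to a band, city dropped). There is no key to undo this."""
    return [{"birth_decade": r["birth_year"] // 10 * 10,
             "spend_band": "low" if r["spend"] < 50 else "high"} for r in records]


def min_group_size(rows, quasi_identifiers):
    """k-anonymity style check: smallest number of rows sharing the same quasi-identifier values.
    A result of 1 means some row is unique and can be singled out by linking other data to it."""
    counts = Counter(tuple(r[q] for q in quasi_identifiers) for r in rows)
    return min(counts.values())


if __name__ == "__main__":
    key = b"constructed-demo-key-keep-this-separately"
    pseud = pseudonymise(RECORDS, key)
    print(relink(pseud, key, "alice@example.org"))             # one row: re-identified
    print(relink(pseud, b"wrong-key", "alice@example.org"))    # []: mask stays on
    print(min_group_size(pseud, ("birth_year", "city")))       # 1: still personal data
    print(min_group_size(anonymise(RECORDS), ("birth_decade",)))  # 2
```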
Key Differences Between Anonymisation and Pseudonymisation
Here’s how anonymisation differs from pseudonymisation:
Legal Compliance –
Under the GDPR, anonymised data is out of scope since it is no longer personal data (the individual is no longer identifiable, provided full anonymisation is achieved). However, pseudonymised data still falls under the GDPR, as the real identities can be revealed with the additional information, i.e. by removing the mask.
It is important to mention that while the GDPR does not require pseudonymisation by default (per Article 25(2)), certain national data protection laws, such as the German GDPR Implementation Law, do impose strict pseudonymisation requirements.
Re-identification Risk –
With anonymisation, the risk of re-identifying individuals is significantly lower. In contrast, pseudonymisation only masks the data, and the mask can be re-linked to the individual through the separately held additional information.
Advantages and Limitations
Advantages of Anonymisation
- Anonymisation effectively protects individual privacy by removing personal identifiers, making it impossible to trace the data back to an individual.
- This method aligns well with privacy regulations like the GDPR, as anonymised data is no longer considered personal data, thus reducing legal risks.
- Anonymised data can be useful for research, statistical analysis, and scientific advancements without compromising individuals’ privacy.
Limitations of Anonymisation
- It is challenging to achieve full anonymisation, as a risk of re-identifying individuals remains, especially with the advancement of data matching and AI technologies.
- Anonymisation often strips data of valuable details that could be useful for analysis, potentially limiting its usefulness for detailed research or personalisation services.
- Achieving true anonymisation is challenging and often requires sophisticated processing, making it resource-intensive.
Advantages of Pseudonymisation
- Pseudonymisation hides identities but allows data to be linked back to individuals if necessary, maintaining a balance between data usability and privacy.
- Pseudonymization reduces the risk of personal data being misused or disclosed without consent by removing or replacing direct identifiers.
- By separating data from direct identifiers, organisations can minimise the impact of a data breach: provided the key or mapping is stored separately, an attacker who obtains the dataset will only be able to access pseudonymous information.
Limitations of Pseudonymisation
- Pseudonymised data may have less utility depending on the method used, as some data elements may be lost or altered.
- Pseudonymization requires specialized expertise, technology, and processes, and can be complex and resource-intensive.
- Pseudonymized data is still personal data and applicable data privacy laws and regulations apply.
In summary, there are significant differences between pseudonymisation and anonymisation. Pseudonymisation allows greater flexibility in data use, while anonymisation provides greater privacy. It is essential to understand their advantages and limitations to effectively manage data in an interconnected digital world, and to understand the difference between them, as that difference determines whether or not the GDPR applies.
Noa is a certified CIPM, CIPP/E, and a Fellow of Information Privacy (FIP) from the IAPP. Her background consists of marketing, project management, operations, and law. She is the co-founder and COO of hoggo, which builds transparency around data privacy practices.