Pseudonymization and anonymization

Why is it often better to talk about C3PO instead of Max Meier in the sales statistics?

Introduction to anonymization and pseudonymization


What do the Hollywood blockbuster "The Imitation Game" and data protection have in common? Both are about protecting data or personal data from unauthorized access by third parties. They prove that data protection can also offer Hollywood-worthy excitement. In the following lines, we would like to show you how you can possibly save yourself a lot of "drama" with the supervisory authorities.

First, we would like to briefly explain the differences between anonymized and pseudonymized data. We will then explain why you should consider this topic.

What is anonymized data?

Compared to pseudonymized data, anonymized data does not enjoy the privilege of a so-called "legal definition" in the GDPR. This means that there is no definition of anonymized data in the GDPR.

Anonymized data is generally understood to be data that has no personal reference (surname, first name, email address, tax ID, etc.). However, the point at which such a personal reference can be said to be absent has been disputed for some time and is subject to the imponderables of technological progress. When formulating the GDPR, the legislator made a conscious decision to dispense with a legal definition and leave this responsibility to users, supervisory authorities and the courts. In summary, the discussion revolves around which standard should apply to the "personal reference": does it depend solely on whether the specific data controller can establish a personal reference (subjective theory), or is the theoretical possibility that someone, somehow and with the help of all conceivable means, establishes a personal reference sufficient to affirm it (objective theories)?

According to recital 26 of the GDPR, the means and knowledge available to the controller for establishing the personal reference must be considered first, but it must then also be examined whether the controller could reasonably be expected to obtain additional knowledge that is objectively and legally available. The European legislator is trying to find a compromise here.

A data record can therefore be anonymous for one body and have a personal reference for another body.

If in doubt, you should therefore not consider the data set to be anonymous and take appropriate security measures in accordance with the requirements of the GDPR and national data protection regulations.

Now that we have taken a closer look at anonymous data, we would like to turn our attention to its little brother, pseudonymized data.

What is pseudonymization and what is pseudonymized data?


Fortunately, Art. 4 No. 5 GDPR defines pseudonymization and, indirectly, pseudonymized data. "Pseudonymization" is described as the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Pseudonymized data is therefore personal data whose direct personal reference has been replaced by a pseudonym (e.g. "C3PO" instead of "Martin Mustermann", or the personnel number instead of the name) but is still indirectly present. The pseudonym can be converted back into a direct personal reference with the help of the separately stored additional information (a lookup table or a key).

When assessing whether a data set has been sufficiently de-identified or pseudonymized, the current state of the art plays an important role, as it does when assessing anonymous data sets. A guideline with clear rules, supporting software for pseudonymization and defined access authorizations for the additional information are helpful to ensure that pseudonymization actually holds.
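The following is an added example, not code from the original post, showing what the definition above looks like in practice: the direct identifiers (name, e-mail) are replaced by a keyed pseudonym, the working copy handed to the analysts contains only the pseudonym and the non-identifying attributes, and the re-identification table plus the key are the "additional information" that must be stored separately under its own access control. The sample records, the field names and the `P-` pseudonym prefix are constructed for this example.

```python
import hmac
import hashlib
import secrets
from typing import Optional

# Constructed sample data for this example (not from the original post).
# "Martin Mustermann" is the placeholder name the article itself uses.
RECORDS = [
    {"name": "Martin Mustermann", "email": "m.mustermann@example.com", "region": "Nord", "sales": 1200},
    {"name": "Erika Musterfrau", "email": "e.musterfrau@example.com", "region": "Sued", "sales": 800},
    {"name": "Martin Mustermann", "email": "m.mustermann@example.com", "region": "Nord", "sales": 300},
]

# Fields that carry a direct personal reference; they must not appear in the working copy.
DIRECT_IDENTIFIERS = ("name", "email")


def new_pseudonymization_key() -> bytes:
    """Generate the secret that makes the pseudonym function 'additional information'.

    In a real deployment this key lives apart from the working data set (e.g. in a
    key management system with its own access control), as Art. 4 No. 5 GDPR requires.
    """
    return secrets.token_bytes(32)


def make_pseudonym(key: bytes, identifier: str) -> str:
    """Deterministic pseudonym: HMAC-SHA256 over the identifier under the secret key.

    Deterministic, so the same person always maps to the same pseudonym and statistics
    still group correctly. Keyed, because an unkeyed hash of a short, guessable value
    such as an e-mail address can be recomputed by anyone who knows the address; the
    key keeps the ability to re-link in one controlled place. Identifiers are
    lower-cased first so that capitalization differences do not split one person in two.
    """
    mac = hmac.new(key, identifier.lower().encode("utf-8"), hashlib.sha256).hexdigest()
    return "P-" + mac[:16]


def pseudonymize(records: list, key: bytes) -> tuple:
    """Split the data set into a working copy and a separately stored lookup table.

    Returns (working_copy, lookup). The working copy holds only the pseudonym plus the
    non-identifying attributes; the lookup table maps each pseudonym back to the direct
    identifiers and is the part that has to be stored separately and access-restricted.
    """
    working_copy = []
    lookup = {}
    for record in records:
        pseudonym = make_pseudonym(key, record["email"])
        lookup[pseudonym] = {field: record[field] for field in DIRECT_IDENTIFIERS}
        working_copy.append(
            {"pseudonym": pseudonym,
             **{k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}}
        )
    return working_copy, lookup


def reidentify(pseudonym: str, lookup: dict) -> Optional[dict]:
    """Controlled reversal: only a holder of the separately stored lookup table can do this."""
    return lookup.get(pseudonym)


def has_direct_identifier(working_copy: list) -> bool:
    """Sanity check to run before the working copy leaves the pseudonymization step."""
    return any(field in row for row in working_copy for field in DIRECT_IDENTIFIERS)


def sales_by_region(working_copy: list) -> dict:
    """Aggregate statistic computed purely on the pseudonymized working copy.

    The result carries no pseudonyms at all, only totals per region, which is the kind
    of output the article describes as sufficient for sales statistics.
    """
    totals = {}
    for row in working_copy:
        totals[row["region"]] = totals.get(row["region"], 0) + row["sales"]
    return totals


if __name__ == "__main__":
    key = new_pseudonymization_key()
    work, table = pseudonymize(RECORDS, key)
    assert not has_direct_identifier(work)
    print("working copy:", work)
    print("sales by region:", sales_by_region(work))
    print("re-identified:", reidentify(work[0]["pseudonym"], table))
```

The design point is the separation: the analysts' working copy and the `sales_by_region` output can be handled under the lighter regime the article describes for pseudonymized data, while the key and the lookup table are the only artifacts that allow re-identification and therefore need the technical and organizational measures (separate storage, restricted access, logging of re-identification requests) that Art. 4 No. 5 GDPR demands.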

What is the difference between anonymized and pseudonymized data?

In contrast to merely pseudonymized data, anonymized data no longer contains any personal reference. It therefore no longer falls within the scope of the GDPR, provided that no natural person can be identified with its help at the time of assessment. Please note, however, that this assessment may turn out differently at a later date.

In contrast to anonymized data, pseudonymized data still falls within the scope of the GDPR and other data protection laws such as the BDSG and the TTDSG. In this case, the personal reference is still contained in the pseudonym and a natural person can still be identified.

Why should you deal with pseudonymization and pseudonymized data?

Although pseudonymized data is subject to data protection, working with pseudonymized data records is easier in terms of data protection law. For example, the pseudonymization of data records is considered a supplementary protective measure that can be taken to transfer data to the USA in compliance with data protection law on the basis of standard contractual clauses. Furthermore, the pseudonymization of personal data is a technical and organizational protection measure pursuant to Art. 32 para. 1 lit. a GDPR, which contributes to the security of the processing of personal data.

When weighing up the legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, the balance is more likely to come out in your favor if you only use pseudonymized data.

By pseudonymizing data, you can also significantly reduce your data protection risks and the risks for the data subject.

The advantages are even greater with anonymized data. As mentioned above, anonymized data frees you from the "constraints" of data protection. You do not need a legal basis for processing anonymized data. Among other things, you do not have to adhere to the principles of data minimization and can store the anonymized data records indefinitely. If anonymized data records are stolen, you generally do not have to report this to your competent data protection supervisory authority.

From a data protection perspective, you should ask yourself whether you can work with anonymized or at least pseudonymized data for every analysis and statistic that you carry out or collect in your company.

Such data records are often sufficient, for example, to analyze general customer or click behavior on websites and to develop corresponding optimization strategies.

Our experience also shows that anonymized and pseudonymized data records are often completely sufficient for carrying out statistical surveys on sales figures, employee parking space occupancy or the most popular canteen food, for example.

Employees often develop new solutions to known problems when working with anonymized data sets, as they are not restricted by real names.

If you have any questions regarding the anonymization or pseudonymization of your customer data, employee data or other data, we will be happy to advise you.
