Anonymisation, do we really understand it and do we understand the implications of it?
Anonymisation goes to the heart of our relationship with data, affecting how we use it and how we protect it. Legally, anonymisation is defined as the irreversible masking of data such that individual attribution is no longer possible. A state of partial anonymisation is also possible, known as ‘pseudo-anonymisation’, in which it is possible to reverse the anonymisation process through encryption keys or other similar methods.
However, pseudo-anonymised data is still treated as personal data and is subject to GDPR in the same manner as non-anonymised personal data, unlike anonymised data. The processes for anonymising data are often poorly understood and pose significant technical challenges, leaving much debate over the reversibility of anonymised data in practice. Given the legal implications of this distinction, the ambiguity presents a significant issue for data holders.
Putting aside the technical challenges of anonymising data, there are questions around why it’s used and to what gain. The vast majority of data collected is regarded as personal under GDPR because it records personal attributes that can be linked back to an individual. Anonymising such data provides a method for data holders to curtail their legal obligations under GDPR when handling the information.
This can be a great benefit or a significant detriment to the value of the data. On the one hand, data can be processed, moved and shared more freely, but on the other, the meta-data linked to the identity of individuals holds an intrinsic value that is lost upon anonymisation. The value of personal data often goes beyond the data itself, as meta-data and, more recently, inferred-data is gathered. Inferred-data allows for data to be gathered from analysis of real data, creating assumptions about individuals that are often surprisingly accurate. While inferred data is still personal data, there is more dubiety about the practical implications of anonymising such results. Does, for example, the process of removing a user’s personal data from a source of real and inferred data allow for anonymisation, or does it leave a gap that is structured in a way that it can in fact still identify the individual?
Perhaps we should question if we have had a detailed or sophisticated enough debate on this subject to understand the issues in play with anonymisation. Are we honest about the level of anonymisation that legislation requires and are we capable of complying with it?
Are you interested to hear more on anonymisation? The webinar ‘Anonymisation – Is it a double edged sword?’ was facilitated by SASIG Events, and a recording of the webinar is on SASIG’s website. Membership of SASIG is free and available to cybersecurity frontliners.
Tarquin Folliss OBE
Tarquin Folliss served in government for over 30 years, first in the military and then, for 27 years, in the Foreign and Commonwealth Office. He finished his career as a senior diplomat focusing on national security policy. He served overseas in Asia Pacific, Europe and the Middle East. In 2013 he retired and has worked since in the private sector, predominantly with technology companies.