Introduction to anonymisation
The ICO is calling for views on the first draft chapter of its Anonymisation, pseudonymisation and privacy enhancing technologies draft guidance. We are sharing our thinking in stages to ensure we gather as much feedback as possible to help refine and improve the final guidance, which we will consult on at the end of the year.
This first draft chapter, Introduction to anonymisation, defines anonymisation and pseudonymisation. It explores the legal, policy and governance issues around the application of anonymisation and pseudonymisation in the context of data protection law.
As part of this we explore when personal data can be considered anonymised, if it is possible to anonymise data adequately to reduce risks, and what the benefits of anonymisation and pseudonymisation might be.
We will continue to publish draft chapters for comment at regular intervals, throughout the summer and autumn. As outlined in Building on the data sharing code – our plans for anonymisation guidance, chapters to follow include:
- Identifiability – outlining approaches such as the spectrum of identifiability and their application in data sharing scenarios, including guidance on managing re-identification risk, covering concepts such as the ‘reasonably likely’ and ‘motivated intruder’ tests;
- Guidance on pseudonymisation techniques and best practices;
- Accountability and governance requirements in the context of anonymisation and pseudonymisation, including data protection by design and DPIAs;
- Anonymisation and research - how anonymisation and pseudonymisation apply in the context of research;
- Guidance on privacy enhancing technologies (PETs) and their role in safe data sharing;
- Technological solutions – exploring possible options and best practices for implementation; and
- Data sharing options and case studies – supporting organisations to choose the right data sharing measures in a number of contexts including sharing between different organisations and open data release. Developed with key stakeholders, our case studies will demonstrate best practice.
Input at this early stage can make a significant difference as we will use the responses we receive to inform our work in developing the guidance.
This call for views is the first stage in the process and we will consult on the full draft guidance in the autumn. You can provide your feedback by emailing email@example.com.
When submitting your views, please specify which chapter you are referring to.