August 28, 2020
Written by
Gary LaFever
Benefits of Pseudonymisation Under the GDPR

Benefits of Pseudonymisation Under the GDPR

Anonymisation under the GDPR requires irrevocably severing all links between data and the data subject. In contrast, Pseudonymisation (as newly defined under GDPR Article 4(5)) means maintaining those links (suitably accessible by encrypted keys and the like) in the hands of authorized parties only and requiring access to secured keys to see the underlying data or to reveal linkages to underlying data. For example, imagine that someone with an incurable medical condition is having their health data used to further investigational drug discovery. If an effective drug is discovered, GDPR-defined pseudonymisation would enable the person to be contacted, treated and cured, whereas anonymisation would make it theoretically impossible to find that person again.

In addition to being a specifically enumerated means of helping to achieve Data Protection by Design and by Default, pseudonymisation is cited more than ten additional times in the GDPR as an exemplary safeguard to help “harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data” while enabling the free flow of data to advance legitimate business objectives.

A long-standing tenet of EU data protection law, embodied in the GDPR, is the concept of data minimisation. This includes disclosing the smallest amount of data necessary to the smallest number of people needing it and being able to disclose different data to different people, all in accordance with those persons’ actual minimum authorized data use needs and requirements. Data minimisation principles are at the heart of Data Protection by Design and by Default requirements.

The principle of “Functional Separation” involves using technical and organisational safeguards to separate information value from identity to enable the discovery of trends and correlations independent from applying the insights gained to the data subjects concerned. Under the GDPR, Functional Separation is embodied within the definitional requirements for GDPR compliant pseudonymisation that the information value of data is separated from identity and that additional secured information is required to relink information value to identity only under authorized conditions. The principal of Functional Separation exists under other evolving data protection laws using different terms - e.g., “De-Identification” under the California Consumer Protection Act and the proposed Indian Data Privacy Law and “Anonymization” under the Brazil Data Protection Law.

Ralf Helkenberg, IDC Research Manager - European Privacy and Data Security, says “Anonos technology is poised to tackle the many new challenges of the digital transformation revolution, with state-of-the-art technology that pushes the boundaries of how we gain value from data. In a globally-connected world focused on data sharing, AI, ML and Big Data, Anonos Data Embassy allows a future in which both de-identification, and data asset maximisation, are enabled.”

Pseudonymisation has gained attention recently with its explicit codification in the GDPR. Article 4(5) of the GDPR now specifically defines Pseudonymisation as “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.” Static tokenisation (where a common token is used to replace different occurrences of the same value – e.g., replacing all occurrences “James Smith” with “ABCD”) fails to satisfy GDPR definitional requirements since unauthorized re-identification is “trivial between records using the same pseudonymised attribute to refer to the same individual.” As a result, static tokenisation does not satisfy the “Balancing of Interest” test necessary for Article 6(1)(f) Legitimate Purpose legal basis processing nor is it included in the technical safeguards listed in Article 6(4) to help ensure that Analytics & AI processing is a lawful compatible purpose.

The Article 29 Working Party has highlighted “the special role that safeguards play in reducing the undue impact on the data subjects thereby changing the balance of rights and interests to the extent that the data controller’s legitimate interests will not be overridden” and “safeguards may include technical and organizational measures to ensure functional separation” and ”Pseudonymisation…will play a role with regard to the evaluation of the potential impact of the processing on the data subject, and thus, may in some cases play a role in tipping the balance in favour of the controller.”

The Article 29 Working Party further highlights that “Functional separation includes secure key-coding personal data transferred outside of an organization and prohibiting outsiders from re-identifying data subject” by using “rotating salts” or “randomly allocated” dynamic versus static, persistent or recurring tokens.GDPR compliant pseudonymisation, therefore, represents a unique means to support lawful Analytics, AI & ML processing by technically enforcing functional separation protection as a supplement to other practical and contractual protection to render unauthorized use of EU personal data difficult or even impossible.

“Anonos state-of-the-art pseudonymisation technology provides something different, in a market in which many organizations have not yet fully recognized the potential their data has,” added Ralf Helkenberg. “The either-or choice between data privacy and utility is turned upside-down by Anonos BigPrivacy, a technology that innovates, protects, and revolutionises the world of data asset utilisation. With numerous worldwide disruptions to data sharing and use, technologies like BigPrivacy can help businesses to keep moving.”

Anonos BigPrivacy technology helps to safeguard the rights and interests of data subjects by technically enforcing data minimisation, Data Protection by Design and by Default and Functional Separation principles leveraging certified GDPR compliant pseudonymisation. This approach reconciles the growing importance of Big Data processing with increasingly complex and multi-jurisdictional restrictions on lawful data use. Equally important, BigPrivacy uniquely uses dynamic, rather than static pseudonymous identifiers, thereby reducing unauthorized re-identification of personal information via the Mosaic Effect.

For these reasons, BigPrivacy technology uniquely enables data controllers and data processors to unlock the full value of Big Data and maximise the value of information in the global data-driven economy while also respecting the rights of individuals. BigPrivacy enables organisations to move beyond mere compliance and highlight a commitment to ethical, legal, and regulatory compliant operations that benefits customers, brands, reputations, and bottom lines.