+44 (0)20 7612 9612
June 7, 2021
The ICO is calling for views on the first draft chapter of its Anonymisation, pseudonymisation and privacy-enhancing technologies draft guidance.
This first draft chapter, “Introduction to anonymisation”, defines anonymisation and pseudonymisation. It explores the legal, policy and governance issues around the application of anonymisation and pseudonymisation in the context of data protection law. As part of this it explores when personal data can be considered anonymised, if it is possible to anonymise data adequately to reduce risks, and what the benefits of anonymisation and pseudonymisation might be.
The ICO says that it will continue to publish draft chapters for comment at regular intervals, throughout the summer and autumn. Chapters to follow include:
- identifiability: outlining approaches such as the spectrum of identifiability and their application in data sharing scenarios, including guidance on managing re-identification risk, covering concepts such as the “reasonably likely” and “motivated intruder” tests;
- guidance on pseudonymisation techniques and best practices;
- accountability and governance: requirements in the context of anonymisation and pseudonymisation, including data protection by design and DPIAs;
- anonymisation and research: how anonymisation and pseudonymisation apply in the context of research;
- guidance on privacy enhancing technologies (PETs): their role in safe data sharing;
- technological solutions: exploring possible options and best practices for implementation; and
- data sharing options and case studies: supporting organisations to choose the right data sharing measures in a number of contexts, including sharing between different organisations and open data release.
The call for views closes on 28 November 2021. The ICO will consult on the full draft guidance in the autumn. To access the first chapter of the draft guidance and for details on how to provide feedback, click here.