Pseudonymised Data Is Personal Data ' But In Whose Hands? ICO Calls For Views On Third Chapter Of Draft Anonymisation Guidance

Published date21 February 2022
Subject MatterPrivacy, Data Protection, Privacy Protection
Law FirmHerbert Smith Freehills
AuthorMr Duc Tran and Sara Lee

On 7 February 2022, the Information Commissioner's Office ("ICO") announced the publication of the third chapter of its draft guidance on anonymisation, pseudoymisation and privacy enhancing technologies (the "Draft Guidance"). Following on from the first and second chapters published on 28 May 2021 and 8 October 2021, respectively, which focus on anonymisation, the new third chapter aims to clarify the much debated concept of pseudonymisation.

In addition to our previous blog post on the first chapter of the Draft Guidance, this blog post summarises some of the key concepts in the second and third chapters, focusing on pseudonymisation.

Pseudonymisation in a nutshell

In the context of data protection law, pseudonymisation refers to the process of replacing, removing or transforming data, so that it is unidentifiable without additional information (e.g. replacing names or other identifiers with codes or reference numbers), but re-identifiable to the extent that a party has access to such additional information, allowing them to reconstruct the original personal data and identify the relevant individuals. As such, pseudonymised data is only treated as being 'effectively anonymised' if the recipient of such data does not have the additional information to 'decode' it.

Identifiability: the 'whose hands' question

The second chapter of the Draft Guidance honed in on the concept of identifiability and its key indicators (i.e. singling out, linkability, and inferences), noting that an individual may be identifiable even without personal information (e.g. names) if other information that is unique to them remains.

The ICO therefore explained that data which undergoes anonymisation or pseudonymisation techniques should only be treated as 'effectively anonymised' where the likelihood of identifiability is sufficiently remote. The resulting status of the data will depend on the context and respective 'hands' of those who process it, namely:

  • whether the person holding the data is able to access and use additional information to identify the data subject (either information in their possession or in the public domain);
  • whether it is reasonably likely that this person will actually identify the data subject (e.g. considering broad factors such as the cost of and time required for identification and the state of technology at the time of processing); and
  • the techniques and controls placed around the data when it is in this person's hands.

When considering whether it...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT