New Data Protection Handbook Outlines Alternative Test for Determining Anonymisation
"A new handbook on European data protection laws contains a different test from the one used by the UK's ICO for determining whether data is personal or anonymised for the purposes of data protection law. The document is non-binding but is designed to ""raise awareness and improve knowledge of data protection rules in European Union and Council of Europe member states"". EU data protection rules apply to the personal data of living 'data subjects' and not to where that data has been anonymised. Absolute anonymisation has become increasingly difficult in recent times due to the increasing volumes of data being generated and the availability of powerful technologies that allow information from one data set to be linked to information elsewhere. The watchdog's code made clear that the ICO would be unlikely to take enforcement action against organisations that disclose data they believe to have been anonymised when in fact it was not where those organisations could show they had ""made a serious effort to comply with the DPA and had genuine reason to believe that the data it disclosed did not contain personal data or present a re-identification risk."""