The UK Information Commissioner’s Office is calling for views on the first draft chapter of its Anonymisation, pseudonymisation and privacy enhancing technologies draft guidance.
The first of the seven-chapter guidance explores the legal, policy and governance issues around the application of anonymisation and pseudonymisation in the context of data protection law.
The ICO will explore when personal data can be considered anonymised, the benefits of anonymisation and pseudonymisation, and if it is possible to anonymise data adequately to reduce risks.
By sharing its first draft chapter, the ICO hopes to gather feedback to help refine and improve the final guidance.
The remaining draft chapters will be published at regular intervals throughout the summer and autumn.
The following chapters include:
- Identifiability – outlining approaches such as the spectrum of identifiability and their application in data sharing scenarios, including guidance on managing re-identification risk, covering concepts such as the ‘reasonably likely’ and ‘motivated intruder’ tests;
- Guidance on pseudonymisation techniques and best practices;
- Accountability and governance requirements in the context of anonymisation and pseudonymisation, including data protection by design and DPIAs;
- Anonymisation and research - how anonymisation and pseudonymisation apply in the context of research;
- Guidance on privacy enhancing technologies (PETs) and their role in safe data sharing;
- Technological solutions – exploring possible options and best practices for implementation; and
- Data sharing options and case studies – supporting organisations to choose the right data sharing measures in a number of contexts including sharing between different organisations and open data release. Developed with key stakeholders, our case studies will demonstrate best practice.
The consultation closes on 28 November 2021.