The ADR UK partnership has responded to the Information Commissioner’s Office (ICO)’s call for views on its draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies.
The consultation, which will remain open until September 2022, is seeking input from both organisations and individuals to inform the development of the guidance.
Four draft chapters of the guidance have been released so far, and our response focuses on the first three. These chapters discuss issues including anonymisation in data protection law, the identifiability of data, and how pseudonymisation can be used to protect personal data.
Our response emphasised the following key points:
- This guidance is a welcome addition to the field, but it needs to be accessible. Data practitioners at all levels of experience should be able to use it effectively to inform their data protection work.
- We must be clear about the differences between anonymisation, pseudonymisation and de-identification – and what they mean in practice. Confusion between these concepts can lead to public distrust of data protection measures, so they need to be differentiated clearly and consistently.
- A balanced view is necessary when determining whether 100% anonymisation is desirable, or even possible. The guidance should consider the feasibility of this process in different contexts, and should focus on retaining the value of data for research purposes while ensuring data security.
We welcome the opportunity to contribute to the development of this guidance, which will support individuals and organisations in their effective anonymisation of data. We will continue to advocate for secure data protection measures that also protect the value of data for research in the public interest, and we look forward to considering further chapters of the guidance as they are published.
Read our full response to find out more about ADR UK’s views on the ICO’s draft guidance.