zlacker

[parent] [thread] 4 comments
1. Shaani+(OP)[view] [source] 2019-07-24 12:36:41
That seems correct.

From an article on the subject:

>Recital 26 of the GDPR defines anonymized data as “data rendered anonymous in such a way that the data subject is not or no longer identifiable.” Although circular, this definition emphasizes that anonymized data must be stripped of any identifiable information, making it impossible to derive insights on a discreet individual, even by the party that is responsible for the anonymization.

replies(1): >>shusso+z1
2. shusso+z1[view] [source] 2019-07-24 12:47:44
>>Shaani+(OP)
it is not clear to me if this covers re-identifying.
replies(1): >>Zenst+R5
◧◩
3. Zenst+R5[view] [source] [discussion] 2019-07-24 13:17:07
>>shusso+z1
I'd say that is pretty clear-cut with "making it impossible to derive insights on a discreet individual"

If it is possible, it's not anonymous per GDPR's definition and that is what counts.

replies(1): >>shusso+sb
◧◩◪
4. shusso+sb[view] [source] [discussion] 2019-07-24 13:54:28
>>Zenst+R5
> "making it impossible to derive insights on a discreet individual"

doesn't clarify how much information you already have about the individual. There is a distinction between being able to identify someone without any prior knowledge about them vs re-identifying them. I don't think the GDPR is clear about that.

replies(1): >>Zenst+CS
◧◩◪◨
5. Zenst+CS[view] [source] [discussion] 2019-07-24 18:08:55
>>shusso+sb
Interesting - would an example of what you outline be say a digital voice recording. Which, unless you know who is in the recording, you have no way to associate that digital data with an individual.

Would that example fall within the remit you outline and as such - skirt the whole GDPR aspect?

[go to top]