ACN - 101321555 Australasian Human Research Ethics Consultancy Services Pty Ltd (AHRECS)

Resource Library

Research Ethics MonthlyAbout Us

ResourcesHuman Research EthicsOpinion 05/2014 on Anonymisation Techniques – ARTICLE 29 DATA PROTECTION WORKING PARTY (2017)

Australasian Human Research Ethics Consultancy Services Pty Ltd (AHRECS)

Opinion 05/2014 on Anonymisation Techniques – ARTICLE 29 DATA PROTECTION WORKING PARTY (2017)

Published/Released on April 10, 2014 | Posted by Admin on November 30, 2017 / , , , , , , ,

View full details | Go to resource


In this Opinion, the WP analyses the effectiveness and limits of existing anonymisation techniques against the EU legal background of data protection and provides recommendations to handle these techniques by taking account of the residual risk of identification inherent in
each of them.

An interesting, if a bit long and technical, discussion about the anonymization of big data. A hurried kneejerk reaction might be to stop any sharing of large datasets – a situation that wouldn’t be in the public interest. But researchers should consider and research ethics reviewers discuss – Is it necessary to share an entire case (all the variables)? How realistic/practical is it to identify individuals? Are there any risks if individuals are identified? In light of such matters can the sharing of data be ethically justified? Another reason to include a computer scientist on your research ethics committee.

The WP acknowledges the potential value of anonymisation in particular as a strategy to reap the benefits of ‘open data’ for individuals and society at large whilst mitigating the risks for the individuals concerned. However, case studies and research publications have shown how difficult it is to create a truly anonymous dataset whilst retaining as much of the underlying information as required for the task.

In the light of Directive 95/46/EC and other relevant EU legal instruments, anonymisation results from processing personal data in order to irreversibly prevent identification. In doing so, several elements should be taken into account by data controllers, having regard to all the means “likely reasonably” to be used for identification (either by the controller or by any third party).

Anonymisation constitutes a further processing of personal data; as such, it must satisfy the requirement of compatibility by having regard to the legal grounds and circumstances of the further processing. Additionally, anonymized data do fall out of the scope of data protection legislation, but data subjects may still be entitled to protection under other provisions (such as those protecting confidentiality of communications).

Read the full opinion paper

Resources Menu

Research Integrity

Human Research Ethics