The Bridging the gap between legal and technical anonymisation project aims to develop a set of rules, requirements and best practices for practitioners that wish to anonymise data in compliance with GDPR, with a focus on big data such as IoT data.
Big data can benefit the public and private sectors in many ways, especially when it comes to science, policy-making and innovation. Anonymisation makes it significantly easier to legally use data for a broad range of uses, as anonymous data is typically outside the scope of data protection laws — such as the GDPR. However, there is currently a gap between the legal and technical interpretations of anonymity, which can lead to uncertainty for organisations regarding the expected outcome of anonymisation.
The Bridging the gap between legal and technical anonymisation project will perform a case analysis to identify previous examples where it was difficult to determine whether data had been correctly anonymised or not. These will be evaluated both from a legal and from a Privacy Engineering perspective, to identify where these align and where they diverge.