Measures to protect privacy
When you process personal data you have the ethical and legal obligation to ensure that the personal data are sufficiently protected. The basic level of security must always be in accordance with the information security policy of your university. However, additional measures may be necessary for each specific processing operation. The choice of additional security measures is based on an assessment of the risks of that processing. Processing involving more risks will have to be accompanied by a more extensive set of security measures.
In the area of data protection, anonymisation, pseudonymisation and encryption are put forward by the GDPR and sometimes even required as guarantees.
Pseudonymisation and anonymisation
When (pseudonymised) personal data are wrongly assessed as being anonymous data, they most likely lack sufficient protection. This creates an unwanted chance of re-identification and possibly other negative consequences for the data subject(s), the researcher(s), the research institution and even for the scientific community.
Pseudonymisation is a security measure. Pseudonymised personal data (referred to as ‘coded data’ in the previous privacy legislation) are personal data (possibly sensitive) that can only be associated with an identified or identifiable person by use of a non-public (secret) key. Pseudonymised personal data are still personal data protected by the GDPR, even when you are not in possession of the key needed to decode them. If you receive pseudonymised data from a researcher at another university (in the context of secondary use), these remain personal data subject to the GDPR and should not be considered anonymous.
“I anonymised my data but I can still reverse the process ‘just in case’.”
Anonymous data are data which do not concern an identified or identifiable natural person. This also includes personal data which have been anonymised in such a way that the data subject is no longer identifiable (by any reasonable means), because the possibility of identification has been made irreversible by means of a processing technique.
Data that do not include names or contact information are often too easily seen as anonymous. However, IP addresses and audio/video recordings of interviews, for instance, should also be seen as identifiable data. In some cases, there may be no data that identify individuals directly, but the data may still allow identification when put together. For instance, when you know for which company someone works and what their function is, in combination with some demographic information (such as age and gender), it may become possible to identify certain individuals.
Anonymous data are not personal data and do not fall within the scope of the GDPR.
Note that even if you only process anonymised data, it is still important to evaluate the ethical aspects of the collection and processing of these data.
Data which are, with reasonable effort, traceable to the original individuals are not anonymous data, but are still personal data and therefore fall within the scope of the GDPR. For this reason, many types of research data (e.g. qualitative data, big data sets with a broad range of personal data, …) are difficult to anonymise completely.
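As an added illustration (not part of this page, and not a tool of any university), the following Python script models the two points made above: pseudonymisation replaces direct identifiers with a coded value that can only be linked back with a secret key and a separately held lookup table, and data without names can still single out individuals once company, function, age and gender are combined. It then shows one generalisation step (dropping the function, banding the age) that raises the smallest group size. The records, the key and the function names are constructed for this example.

```python
import hmac
import hashlib
from collections import Counter

# Constructed sample records for a hypothetical survey; the people are invented.
RECORDS = [
    {"name": "Alice Example", "email": "alice@example.org", "company": "Acme Ltd",
     "function": "CFO", "age": 52, "gender": "F", "answer": 7},
    {"name": "Bob Example", "email": "bob@example.org", "company": "Acme Ltd",
     "function": "Engineer", "age": 34, "gender": "M", "answer": 5},
    {"name": "Carol Example", "email": "carol@example.org", "company": "Acme Ltd",
     "function": "Engineer", "age": 34, "gender": "M", "answer": 6},
    {"name": "Dan Example", "email": "dan@example.org", "company": "Acme Ltd",
     "function": "Engineer", "age": 34, "gender": "M", "answer": 8},
    {"name": "Eve Example", "email": "eve@example.org", "company": "Acme Ltd",
     "function": "Manager", "age": 58, "gender": "F", "answer": 4},
]

DIRECT_IDENTIFIERS = ("name", "email")                        # identify a person on their own
QUASI_IDENTIFIERS = ("company", "function", "age", "gender")  # identify a person in combination


def pseudonymise(records, key):
    """Replace direct identifiers with a keyed pseudonym.

    The pseudonym is HMAC-SHA256 over the e-mail address under a secret key, so
    the same person always gets the same pseudonym, but nobody without the key
    can recompute it (a plain unkeyed hash could be matched by hashing guessed
    addresses). Returns the coded records and a re-identification table; the key
    and the table are the 'non-public key' of the text, and as long as anyone
    holds them the coded records remain personal data.
    """
    coded, table = [], {}
    for rec in records:
        pid = hmac.new(key, rec["email"].encode(), hashlib.sha256).hexdigest()[:16]
        table[pid] = {k: rec[k] for k in DIRECT_IDENTIFIERS}
        coded.append({"pid": pid,
                      **{k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}})
    return coded, table


def reidentify(coded_record, table):
    """Link a pseudonymised record back to the person; only possible with the table."""
    return table.get(coded_record["pid"])


def min_group_size(records, quasi_identifiers=QUASI_IDENTIFIERS):
    """Smallest number of records sharing one combination of quasi-identifier
    values (the k of k-anonymity). k == 1 means at least one respondent is
    unique in the data set and can be singled out without any name present."""
    counts = Counter(tuple(rec[q] for q in quasi_identifiers) for rec in records)
    return min(counts.values())


def unique_combinations(records, quasi_identifiers=QUASI_IDENTIFIERS):
    """The quasi-identifier combinations that occur exactly once."""
    counts = Counter(tuple(rec[q] for q in quasi_identifiers) for rec in records)
    return [combo for combo, n in counts.items() if n == 1]


def generalise(records):
    """Coarsen the data towards anonymity: drop the pseudonym and the job
    function, and replace the exact age with a ten-year band. This is lossy on
    purpose; the exact values cannot be recovered from the output."""
    out = []
    for rec in records:
        g = {k: v for k, v in rec.items() if k not in ("pid", "age", "function")}
        low = (rec["age"] // 10) * 10
        g["age_band"] = f"{low}-{low + 9}"
        out.append(g)
    return out


if __name__ == "__main__":
    key = b"constructed-secret-key"  # in practice: generated, stored separately, access-controlled
    coded, table = pseudonymise(RECORDS, key)
    print("k over raw quasi-identifiers:", min_group_size(coded))   # 1: the CFO and the Manager are unique
    print("unique combinations:", unique_combinations(coded))
    print("re-identified:", reidentify(coded[0], table)["name"])     # works only with the table
    released = generalise(coded)
    print("k after generalisation:",
          min_group_size(released, ("company", "age_band", "gender")))  # 2
```

Two design points are worth noting. The keyed HMAC matters because a pseudonym that is just a hash of the e-mail address can be re-linked by anyone who can guess addresses, so the secret key, not the hashing, is what makes the coding non-public. And a smallest group size of 1 on the pseudonymised data is exactly the situation the text warns about: no name is present, yet the CFO of Acme Ltd is identifiable from the remaining columns, so the data are not anonymous.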
Note that as long as you are still working with identifiable personal data, at the start of and during the anonymisation process, the GDPR still applies.