On 01/04/19, Moreno Andreo (moreno.andreo@evolu-s.it) wrote:
...
> I'm not forced to use pseudonimysation if there's the risk to get
> things worse in a system. I've got to speak about these"two opposing
> forces at work" to a privacy expert (maybe choosing another one, as
> Peter suggested :-) ) and ask him if it could be used as a matter of
> declining pseudonymisation because of "pseudonimysation puts at risk
> overall performance or database integrity"
How to interpret the pseudonymisation conditions is ... complicated. The
UK's Information Commissioner's Office (ICO) writes that
pseudoanonymisation relates to:
“…the processing of personal data in such a manner that the personal
data can no longer be attributed to a specific data subject without
the use of additional information, provided that such additional
information is kept separately and is subject to technical and
organisational measures to ensure that the personal data are not
attributed to an identified or identifiable natural person.”
and that this "...can reduce the risks to the data subjects".
The concept of application realms may be relevant to consider here. An
application may be considered GDPR compliant without pseudonymisation if
other measures are taken and the use case is appropriate.
On the other hand, a copy of a production database in testing which has
been pseudonymised may, if compromised, still leak personal data. As the
ICO states:
“…Personal data which have undergone pseudonymisation, which could
be attributed to a natural person by the use of additional
information should be considered to be information on an
identifiable natural person…”
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/
If leakage occurs pseudonymisation has achieved nothing.
Therefore it may be useful to determine if data in a usage realm should
be either fully anonymised or not at all. In the latter case the normal
GDPR controls must all pertain.
Rory
