Functional anonymisation: Personal data and the data environment

Mark Elliot (Lead Author), Kieron O’Hara, Charles Raab, Christine M. O'Keefe, Elaine Mackey, Chris Dibben, Heather Gowans, Kingsley Purdam, Karen McCullagh

Research output: Contribution to journalArticlepeer-review

25 Citations (Scopus)
38 Downloads (Pure)

Abstract

Anonymisation of personal data has a long history stemming from the expansion of the types of data products routinely provided by National Statistical Institutes. Variants on anonymisation have received serious criticism reinforced by much-publicised apparent failures. We argue that both the operators of such schemes and their critics have become confused by being overly focused on the properties of the data themselves. We claim that, far from being able to determine whether data are anonymous (and therefore non-personal) by looking at the data alone, any anonymisation technique worthy of the name must take account of not only the data but also their environment.

This paper proposes an alternative formulation called functional anonymisation that focuses on the relationship between the data and the environment within which the data exist (their data environment). We provide a formulation for describing the relationship between the data and their environment that links the legal notion of personal data with the statistical notion of disclosure control. Anonymisation, properly conceived and effectively conducted, can be a critical part of the toolkit of the privacy-respecting data controller and the wider remit of providing accurate and usable data.
Original languageEnglish
Pages (from-to)204-221
Number of pages18
JournalComputer Law & Security Review
Volume34
Issue number2
Early online date28 Feb 2018
DOIs
Publication statusPublished - Apr 2018

Keywords

  • anonymisation
  • deidentification
  • deanonymisation
  • statistical disclosure control
  • data environment
  • ADF
  • DDF
  • functional anonymisation
  • release-and-forget
  • obscurity

Cite this