Data protection and anonymous data: European law perspective
There are several legal ways, how to collect and process data. The article describes the legal regulation of the use of anonymous data under the Directive 95/46/EC (find full text here, referred to as “Directive 95/46/EC”) and Directive 2002/58/EC (find full text here, referred to as “Directive 2002/58/EC). The issue is more complex than it might seem.
The term “anonymous” data
The concept of “anonymous” data usually depends on national legislation. Most of the time, it is not expressly defined and is derived from the definition of personal data. Such method is also used in the regime of the Directive 95/46/EC. The Article 2(a) of the Directive defines “personal data”:
any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
The important term is “identified or identifiable” natural person. If data cannot identify natural person, then the Directive 95/46/EC does not apply and the data processor or collector does not need to satisfy the specified criteria. It represents a possibility how to avoid the requirements of consent, notification, etc. Accordingly, under this concept, data, that are not identified or identifiable to a natural person, are anonymous data.
Principles of the use of “anonymous” data resulting from Directives
As noted above, the term “anonymous data” does not have an explicit definition in either of the Directives. However, the term is used several times in recitals, important in the interpretation of the articles of the Directives.
Pursuant to the Recital No. 26 of the Directive 95/46/EC, “the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable.”
The recital confirms the principle that anonymous data can be used without restrictions specified in the Directive 95/46/EC.
Minimization of the use of personal data
The recitals of the Directive 2002/58/EC include another principle. They stress the minimization of the use of personal data.
For instance, pursuant to the Recital No. 9,
“(t)he Member States (…) should cooperate in introducing and developing the relevant technologies where this is necessary to apply the guarantees provided for by this Directive and taking particular account of the objectives of minimising the processing of personal data and of using anonymous or pseudonymous data where possible.”
Based on these provisions, it is possible to argue that one of the goals of the data protection is to minimize the use of personal data. That’s why, in the analysis of the purpose of the data processing or collection, it is always necessary to take this principle into consideration.
The principle of erasing data or making them anonymous after their use
Recitals 26 and 28 of the Directive 2002/58/EC develops the minimization principle:
Recital no. 28 describes “(t)he obligation to erase traffic data or to make such data anonymous when it is no longer needed for the purpose of the transmission of a communication (…)”.
Furthermore, the Recital no. 26 states, that: “(t)raffic data used for marketing communications services or for the provision of value added services should also be erased or made anonymous after the provision of the service.”
Article 6 of the Directive includes the obligation:
Traffic data relating to subscribers and users processed and stored by the provider of a public communications network or publicly available electronic communications service must be erased or made anonymous when it is no longer needed for the purpose of the transmission of a communication without prejudice to paragraphs 2, 3 and 5 of this Article and Article 15(1).
The Directive deals with the term “traffic data”. According to Article 2(b),
(b) “traffic data” means any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof.
Even though the Directive regulates traffic data, these provisions support the principle of minimization of the use of data in general. European legislation introduced the principle to erase data or make them anonymous for traffic data, which include any data processed pursuant to the Article 2(b) of the Directive 2002/58/EC, either personal or anonymous. If the European law requires the application of the principle for some anonymous data, which represent a lower thread to personal protection, it is legitimate to argue that the principle applies for all personal data. However, the interpretation needs to be addressed by relevant authorities, in particular by the decision of the European Court of Justice.
Anonymous data and the new Data Protection legislation
The Proposal of the General Data Protection Regulation (find the full text here, referred to as the Proposal) lacks the definition of the term “anonymous” data. Its only appearance is in the Recital No. 23, which repeats the principle that anonymous data can be used without restrictions specified in the Directive 95/46/EC or in the Proposal.
The overview of principles
Pursuant to these Directives, and in accordance with similar principles referred to in the Article 6 of the Directive 97/66/EC (find the full text here) or in the protection of human cells in the Article 14 of the Directive 2004/23/EC (find the full text here), there are several principles associated with anonymous data.
Firstly, if data are anonymous, they can be used without restrictions specified in the data protection legislation. Secondly, there is a principle of the minimization of the use of personal data. Finally, data should be erased or made anonymous when they are no longer needed for the specific purpose.
Conclusion and future discussion
These principles raise several further questions. It is argued that anonymity is “the main form of protection of the rights of the subjects whose data are processed” (Gutwirth, S. et al., p. 91). However, in the brilliant analysis written by the cited authors, they analyze the “anonymization” of data from both legal and IT point of view. There are several important problems, such as the role of third parties, the decrease of the quality of data, the criteria used for the determination of the possibility to identify data to a specific natural person, etc.
Moreover, the procedure of the “anonymization” of data raises many privacy issues. Data collector collects data with an intention to make them anonymous and use them accordingly. However, at the time of the collection, they were personal. Does the data collector need data subject’s consent? What if there is a breach of data before their anonymization?
As many other articles in this area, these questions do not have exact answers. They are open for discussion. Feel free to comment or share your experience in this area here.
Gutwirth, S. et al 2013 European Data Protection: Coming of age. Dordrecht : Springer.
Note: This article is intended as a summary of issues. Its purpose is not a to provide legal advice or create an attorney-client relationship between you and the author of this article.