Presentation is loading. Please wait.

Presentation is loading. Please wait.

Amandine Jambert - IT Experts Department

Published byJack Mason Modified over 6 years ago

Similar presentations

Presentation on theme: "Amandine Jambert - IT Experts Department"— Presentation transcript:

1 Amandine Jambert - IT Experts Department
WP29 & CNIL POINT OF VIEW ON ANONYMISATION CESS 2016 20/10/2016 Amandine Jambert - IT Experts Department

2 Amandine Jambert - IT Experts Department
Cnil Cnil – French Data Protection Authority Independent Administrative Authority Main missions: Informing & Educating Protecting the Rights of Citizens Regulating & Advising Accompanying the Conformity Anticipating Innovation Inspecting and Sanctioning 20/10/2016 Amandine Jambert - IT Experts Department

3 Amandine Jambert - IT Experts Department
WP29 WP29 (Article 29 Working Party): advisory status and acts independently composed of : 1 representative of the EDPS 1 for each EU Data Protection Authority 1 for the European Commission. 20/10/2016 Amandine Jambert - IT Experts Department

4 Amandine Jambert - IT Experts Department
PERSONAL DATA AND ANONYMOUS DATA: DEFINITIONS Part 1 20/10/2016 Amandine Jambert - IT Experts Department

5 ‘Personal data’ in the EU law
DIRECTIVE 95/46/EC GDPR (General Data Protection Regulation) Recital (26) (…) whereas, to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person;(…) Article 2: 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity; Article 4 : (1) 'data subject' means an identified natural person or a natural person who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person; (2) 'personal data' means any information relating to a data subject; 20/10/2016 Amandine Jambert - IT Experts Department

6 Amandine Jambert - IT Experts Department
‘Personal data ’ sum up A data is a personal data if: It is related to an identified or identifiable individual Identification can be : direct or indirect by the controller or by any other person 20/10/2016 Amandine Jambert - IT Experts Department CNIL

7 ‘Anonymous data’ in the EU law
DIRECTIVE 95/46/EC GDPR (General Data Protection Regulation) Recital (26) (…) the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable; Recital (23) (…) The principles of data protection should not apply to data rendered anonymous in such a way that the data subject is no longer identifiable. (…) 20/10/2016 Amandine Jambert - IT Experts Department

8 ‘Anonymous data ’ sum up
A data is anonymous data if: it is not related to an identified or identifiable individual = it is not a personal data Personal data Anonymous data Privacy law applicable Privacy law not applicable 20/10/2016 Amandine Jambert - IT Experts Department CNIL

9 Amandine Jambert - IT Experts Department
WP29 OPINION & CRITERIA FOR ANONYMOUS DATA Part 2 20/10/2016 Amandine Jambert - IT Experts Department

10 WP29 opinion on Anonymization
Pseudonymous ≠ anonymous. Two options to check if a dataset is anonymous: reidentification risks are negligeable or null OR it has none of the 3 following properties: possibility to single out an individual (‘singling out’) ability to link records of an individual (‘linkability’) possibility to infer* new information on a person (‘inference’). * with overwhelming probability 20/10/2016 Amandine Jambert - IT Experts Department CNIL

11 Evaluation of main techniques
Is singling out still a risk ? Is linkability still a risk ? Is inference still a risk? Pseudonymisation Yes Noise addition May not Substitution Aggregation or K-anonymity No L-diversity Hashing/ Tokenization No single technique eliminates all risks 20/10/2016 Amandine Jambert - IT Experts Department

12 DPA’s recommandations
Prior to anonymization: Specify the planned use of the anonymized dataset Distinguish key attributes from non-critical pieces of information Remove identifiers and infrequent values Find a tailored solution Combine anonymization techniques Document choices Assess the re-identification risk and have your assessment validated Afterwards: Publish your anonymization techniques and have them reviewed Follow development of anonymization and re-identification techniques 20/10/2016 Amandine Jambert - IT Experts Department

13 Amandine Jambert - IT Experts Department
Thank you 20/10/2016 Amandine Jambert - IT Experts Department CNIL

Download ppt "Amandine Jambert - IT Experts Department"

Similar presentations

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
Centre for Freedom of Information The childhood leukaemia case – learning points in dealing with the balance between access to information and privacy.

Centre for Freedom of Information The childhood leukaemia case – learning points in dealing with the balance between access to information and privacy.
Rule-Making Book II EU Administrative Procedures – The ReNEUAL Draft Model Rules 2014 Brussels, May 19-20 th 2014 1 Herwig C.H. Hofmann University of Luxembourg.

Rule-Making Book II EU Administrative Procedures – The ReNEUAL Draft Model Rules 2014 Brussels, May th Herwig C.H. Hofmann University of Luxembourg.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Information Sharing Options Phil Walker. Outline I have been asked to present a range of options for lawful data sharing. There is unlikely to be one.

Information Sharing Options Phil Walker. Outline I have been asked to present a range of options for lawful data sharing. There is unlikely to be one.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Drones use in the civil market View of the French DPA

Drones use in the civil market View of the French DPA
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.
Identity A legal perspective FIDIS WP2 workshop 2/3 december 2003

Identity A legal perspective FIDIS WP2 workshop 2/3 december 2003
Privacy, Data Protection and Lex Informatica -- lecture 4 Dr. Lee A. Bygrave, 17.2.2006.

Privacy, Data Protection and Lex Informatica -- lecture 4 Dr. Lee A. Bygrave,
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
Data protection and European citizens’ initiatives

Data protection and European citizens’ initiatives
Business Challenges in the evolution of HOME AUTOMATION (IoT)

Business Challenges in the evolution of HOME AUTOMATION (IoT)
Ethical, legal and social aspects of public health genomics Mark Taylor, School of Law, University of Sheffield 7 th November 2014.

Ethical, legal and social aspects of public health genomics Mark Taylor, School of Law, University of Sheffield 7 th November 2014.
General Data Protection Regulation – analysis of impacts

General Data Protection Regulation – analysis of impacts
Freedom of information and protection of personal data Hungarian experiences 5TH MEETING OF DATA PROTECTION AUTHORITIES 28 OCTOBER 2008.

Freedom of information and protection of personal data Hungarian experiences 5TH MEETING OF DATA PROTECTION AUTHORITIES 28 OCTOBER 2008.
An agency of the European Union Guidance on the anonymisation of clinical reports for the purpose of publication in accordance with policy 0070 Industry.

An agency of the European Union Guidance on the anonymisation of clinical reports for the purpose of publication in accordance with policy 0070 Industry.
Brussels Privacy Symposium on Identifiability

Brussels Privacy Symposium on Identifiability
The protection of know-how in franchising networks

The protection of know-how in franchising networks

Similar presentations

Ads by Google