Anonymization: Silver bullet or just a (not quite) modern fairy tale?
Katharina A. Weimer and Melanie Ludolph of Fieldfisher Germany discuss issues surrounding anonymization techniques and the status of anonymized data.
At a time when technological progress is moving faster every day to day, uncertainty about essential concepts such as anonymization and pseudonymization can be frightening. For technologies based on large amounts of data such as big data analysis in the med tech sector or AI systems, these core concepts can be decisive for permissions in data processing. There is often no clear distinction between anonymity and identification, and if there is one at all, it becomes increasingly blurred. Clarifications are clearly needed.
Privacy vs. modern technologies
Even though social media often paint a different picture, people still have a strong interest in privacy. The fundamental right to data protection, also reflected in the European General Data Protection Regulation 2016/679 (GDPR), legally protects this desire. Conflicting with this desire is an ever-increasing interest in all areas of human life, such as online browsing and purchasing behaviour, financial situation and health, physical activity or communication patterns. People freely disclose this type of data but are often reluctant for companies to analyse and possibly monetize it. Fundamental principles of data protection law, such as data minimization and purpose limitation, present limitations when it comes to gaining insights that can drive not only profit and customer-friendly products, but also advances in science and medicine. Other prime examples of the application of data analysis for the benefit of the consumer are the further development of AI-based tools (e.g. speech recognition software) or analyses of trends in the business sector. It is a fact that anonymization is an essential element in today’s world and is often seen as the “silver bullet” of data protection by design where legal and technical challenges arise.