~ 2000 / 2026 ~
// Documenti disponibili n:
48.480
// Documenti scaricati n:
40.494.145
// Newsletter n:
3585

ID 26673 | 13 Luglio 2026 - Adopted on 07 July 2026
These guidelines clarify the notion of anonymous data and provide a practical framework for determining whether data has been successfully anonymised. This guidance will therefore help to ensure that data is safely anonymised where possible and proportionate, allowing for free and fruitful use of data while preserving the rights and protections of natural persons.
Under the GDPR, data is anonymous if it does not relate to an identified or identifiable natural person. Whether this is the case may vary from one entity to another. Consequently, anonymity should be assessed from each relevant entity’s perspective – typically any party for whom the data is intended to be anonymous.
Information can relate to a natural person by reason of its content, purpose or effect. The existence of such a link need not be readily apparent and may require some processing to establish. A natural person is “identified or identifiable” if they can be distinguished from others in a given context using means reasonably likely to be used and in a way that makes it possible
to treat them differently. “Means” should be interpreted broadly and may include means that are only accessible through a third party. Whether they are reasonably likely to be used will depend on the relevant entity’s perspective and should be assessed in light of all objective factors.
This analysis is then incorporated into a framework for assessing anonymity. The framework can be applied in two different ways: one which considers the differences in capabilities between those who might identify the data subject (“the contextual approach”) and one which does not (“the simplified approach”). The contextual approach reflects the full nuances of the
legal standard for anonymisation and allows the controller to assess whether data is anonymous for each relevant entity based on their respective capabilities. The simplified approach, on the other hand, can go beyond the legal standard and may lead an anonymising controller to treat data as though it is not anonymous even if it would actually be so for some relevant entities. However, it also offers a more convenient option for controllers who choose to use it, provides greater confidence that data is actually anonymous and can be combined with the contextualised approach to refine the findings.
The framework itself presents three criteria which can be used to test if data is anonymous: No Record Isolation, No Linkage and No Inference. These criteria should be used to assess the effectiveness of possible (re-) identification techniques. Generally speaking, (re-) identification is more likely to be successful against record-level data with high dimensionality and high resolution, but other factors are also important. Techniques should be assessed on their ability to generate accurate results, in particular whether they produce an answer which is sufficiently precise and reliable to allow the data subject to be distinguished and treated differently.
If all three criteria are passed, under either the contextual or the simplified approach, then the given data can be safely considered anonymous. If any criterion fails, further analysis should be done to determine if the data may nevertheless be considered anonymous. In particular, it should be tested whether any isolated records, possibly together with linked data, allow for singling out individuals.
...
add attached
Testata editoriale iscritta al n. 22/2024 del registro periodici della cancelleria del Tribunale di Perugia in data 19.11.2024