Under GDPR, anonymous data is not treated as a personal data, therefore no user consent and no particular protection is required. However, it is very difficult to ensure that data is truly anonymous.
“The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.” (GDPR art.26)
Confidential vs anonymous data collection
The difference between confidential and anonymous data collection is that confidential data contains a link that can be used later to retrieve a user's identity, while anonymous data is recorded so that the information can never be linked to the subject who supplied it.
For instance, age alone is not a unique identifier, but the combination of demographics, like age, gender, and address, could allow identification.
If data is identifiable or can be connected to the user (directly or indirectly), the data collection process cannot claim to be anonymous.
Confidential data is usually coded so that the subject is assigned a unique identifier. The subject's identity is kept separate from the code and data. Overall, users are at greater risk when their unique identifiers can be tied to their identity, and you must ensure that you apply correct safety measures to keep that information safe.
Anonymous data case study
In 2006, Netflix disclosed insufficiently anonymous information about nearly half a million customers. During Netflix's $1 million contest to improve its recommendation system, some researchers were able to re-identify users. It clearly violated users' privacy as, for example, their sexual orientation was fully disclosed.
The lawsuit ended with more than $2,500 in damages for each of more than 2 million Netflix customers. Netflix payed $9 Million to settle the lawsuit.
What is Privacy by Design & Default?
Privacy by Design and privacy by Default are the key principles of the GDPR. Originally introduced by the Canadian Privacy Commissioner of Ontario in the 1990s, the concepts have been adopted by regulators around the world as essential components of privacy protection.
Privacy by Design means that a company must consider data protection and privacy in all steps that involve processing personal data, including project files, 3D models, internal projects, product and software development, and IT systems. Any department that processes personal data is obliged by law to protect users' privacy during the whole project life cycle.
Privacy by Default means any product or service should have all privacy settings in place before it is released. Any personal data provided by the user should only be kept for the amount of time necessary to provide the service. If more information than necessary is disclosed, then "privacy by default" has been breached.
To anonymise any data, it must be stripped of sufficient elements so that the data subject can no longer be identified. It becomes more difficult with time considering the evolution of mining algorithms and 3rd party datasets availability which can be combined with your data.
How should I handle anonymous data collection?
The regulation concerning anonymous data is nuanced, and the boundary between anonymous and other types of data is very blurred. With GDPR and HIPAA, Data Protection is now an integral part of technological development and service delivery in the US and EU.
With the help of experts, keep anonymous data protected and make sure that it is really anonymous.