Anonymisation of personal data – A missed opportunity for the European Commission

As early as the 1970's, privacy studies recognised that ‘anonymisation’ needed to be approached with caution. This caution has since been vindicated by the increasing sophistication of techniques for reidentification. Yet the courts in the UK have so far only hesitatingly grappled with the issues involved, while European courts have produced no guidance.Reviewing the limited case law, the author finds the concepts of both ‘personal data’ (which must be protected) and ‘anonymisation’ (which removes this requirement) misleadingly simplistic. A more practical approach would recognise that identifiability sits on a continuum so that regulation needs to be risk-based and proportional. He proposes some consequential changes to the proposed EU Regulation, albeit with modest hopes for success.This paper is a shortened and slightly revised version of a dissertation submitted in April 2013 to Staffordshire University for the award of the degree of LLM.