Publication
Embargoed Access

Art. 4(5). Pseudonymisation

Thumbnail Image
License
Cadmus Permanent Link
https://hdl.handle.net/1814/75914
Full-text via DOI
ISBN
9783845276984; 9783406743863; 9781509932528
ISSN
Issue Date
2023
Type of Publication
Contribution to book
Keyword(s)
LC Subject Heading
Other Topic(s)
EUI Research Cluster(s)
Initial version
Published version
Succeeding version
Preceding version
Published version part
Earlier different version
Initial format
Author(s)
Citation
Indra SPIECKER GEN. DÖHMANN, Vagelis PAPAKONSTANTINOU, Gerrit HORNUNG and Paul DE HERT (eds), General data protection regulation : article-by-article commentary, Munchen ; Oxford ; Baden-Baden : Beck ; Hart ; Nomos, 2023, pp. 580-601
Cite
ALMADA, Marco, MARANHÃO, Juliano, SARTOR, Giovanni, Art. 4(5). Pseudonymisation, in Indra SPIECKER GEN. DÖHMANN, Vagelis PAPAKONSTANTINOU, Gerrit HORNUNG and Paul DE HERT (eds), General data protection regulation : article-by-article commentary, Munchen ; Oxford ; Baden-Baden : Beck ; Hart ; Nomos, 2023, pp. 580-601 - https://hdl.handle.net/1814/75914
Abstract
Art. 4(5) introduces the concept of “pseudonymisation”, which consists in processing personal data in such a way as to restrict the possibility of attributing such data to the data subjects concerned. Pseudonymisation transforms a set of personal data into a new set of data — the pseudonymised data — which can be attributed to the data subjects only through the use of further data, that are kept separately and are subject to technical and organisational measures to prevent their unauthorised or unlawful use. Pseudonymisation must be clearly distinguished from anonymisation. Anonymised data no longer qualify as personal data, since they can no longer be linked to the data subjects; therefore, they do not fall within the scope of the GDPR. On the contrary, pseudonymised data can still be linked to the data subjects (by using the further data that enable reidentification); therefore, they remain personal data, subject to the GDPR’s requirements. The use of pseudonymisation measures is not explicitly mandated by EU data protection law, but practical considerations mean that pseudonymisation is likely to play a role in most data protection endeavours, and be practically unavoidable in those in which controllers are expected to uphold an especially high level of protection.
Table of Contents
Additional Information
External Links
Publisher
Beck ; Hart ; Nomos
Version
Research Projects
Sponsorship and Funder Information
Collections
LAW Contributions to Books