Are ‘pseudonymised’ data always personal data? Implications of the GDPR for administrative data research in the UK

There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identified data could constitute the unconsented disclosure of identifiable information.Instead, however, we argue that the definition of pseudonymisation in Article 4(5) GDPR will not expand the category of personal data, and that there is no intention that it should do so. The definition of pseudonymisation under the GDPR is not intended to determine whether data are personal data; indeed it is clear that all data falling within this definition are personal data. Rather, it is Recital 26 and its requirement of a ‘means reasonably likely to be used’ which remains the relevant test as to whether data are personal. This leaves open the possibility that data which have been ‘pseudonymised’ in the conventional sense of key-coding can still be rendered anonymous. There may also be circumstances in which data which have undergone pseudonymisation within one organisation could be anonymous for a third party. We explain how, with reference to the data environment factors as set out in the UK Anonymisation Network's Anonymisation Decision-Making Framework.     

Encryption safe harbours and data breach notification laws

Data breach notification laws require organisations to notify affected persons or regulatory authorities when an unauthorised acquisition of personal data occurs. Most laws provide a safe harbour to this obligation if acquired data has been encrypted. There are three types of safe harbour: an exemption; a rebuttable presumption and factor-based analysis. We demonstrate, using three condition-based scenarios, that the broad formulation of most encryption safe harbours is based on the flawed assumption that encryption is the silver bullet for personal information protection. We then contend that reliance upon an encryption safe harbour should be dependent upon a rigorous and competent risk-based review that is required on a case-by-case basis. Finally, we recommend the use of both an encryption safe harbour and a notification trigger as our preferred choice for a data breach notification regulatory framework.     

Opening up personal data protection: A conceptual controversy

The existence of a fundamental right to the protection of personal data in European Union (EU) law is nowadays undisputed. Established in the EU Charter of Fundamental Rights in 2000, it is increasingly permeating EU secondary law, and is expected to play a key role in the future EU personal data protection landscape. The right's reinforced visibility has rendered manifest the co-existence of two possible and contrasting interpretations as to what it come to mean. If some envision it as a primarily permissive right, enabling the processing of such data under certain conditions, others picture it as having a prohibitive nature, implying that any processing of data is a limitation of the right, be it legitimate or illegitimate. This paper investigates existing tensions between different understandings of the right to the protection of personal data, and explores the assumptions and conceptual legacies underlying both approaches. It traces their historical lineages, and, focusing on the right to personal data protection as established by the EU Charter, analyses the different arguments that can ground contrasted readings of its Article 8. It also reviews the conceptualisations of personal data protection as present in the literature, and finally contrasts all these perspectives with the construal of the right by the EU Court of Justice.     

Privacy by design and anonymisation techniques in action: Case study of Match technology

Privacy by Design is now enjoying widespread acceptance. The EU has recently expressly included it as one of the key principles in the revised data protection legal framework. But how does Privacy by design and data anonymisation work in practise? In this article the authors address this question from a practical point of view by analysing a case study on EU Financial Intelligence Units (“FIUs”) using the Ma³tch technology as additional feature to the existing exchange of information via FIU.NET decentralised computer network. They present, analyse, and evaluate Ma³tch technology from the perspective of personal data protection. The authors conclude that Ma³tch technology can be seen as a valuable example of Privacy by Design. It achieves data anonymisation and enhances data minimisation and data security, which are the fundamental elements of Privacy by Design. Therefore, it may not only improve the exchange of information among FIUs and allow for the data processing to be in line with applicable data protection requirements, but it may also substantially contribute to the protection of privacy of related data subjects. At the same time, the case study clearly shows that Privacy by Design needs to be supported and complemented by appropriate organisational and technical procedures to assure that the technology solutions devised to protect privacy would in fact do so.     

Exploring the non-absolute nature of the right to data protection

In two recent judgements, the Court of Justice of the European Union stated that ‘The right to the protection of personal data is not, however, an absolute right, but must be considered in relation to its function in society’ (Eifert, para 48). This paper considers the ‘non-absolute’ nature of the right to data protection. Being a relatively new right, the boundaries of this right in the Charter are still somewhat unexplored. This paper considers five aspects that can be seen as setting boundaries to the otherwise absolute nature of the right to data protection: (a) consideration of the function of the right to data protection in society; (b) positive delimitations of the right that come from the formulation of the right (Article 8) in the Charter; (c) limitations on the right provided for in Article 52 of the Charter; (d) close connections with Article 7 of the Charter and Article 8 ECHR; and (e) the detailed provisions in current data protection secondary legislation and the future data protection regulation framework. Based on the reflections on each of these boundary-setting aspects, the paper argues that in spite of occasional vagueness and conflicting approaches of each of the aspects, understanding of the right to data protection has evolved since its first formulation in the Charter. There is a subtle and gradual distancing from the initial understanding of the close relationship with the right to private and family life. This gradual distancing is a positive development as the two have different foundations, scope and purposes. Yet it is only when both are taken together that the shared common objective of providing effective protection to citizens' personal and family life can be achieved.     

Betrayal of confidence in the Court of Appeal

In overturning Latham J's judgment in R v Department of Health, Ex Parte Source Informatics Ltd. that anonymisation does not obviate breaching a personal confidence, the Court of Appeal holds that where the duty of confidence arises in equity it does not prohibit the confidant using the confided information without the consent of the confider if this does not treat the confider unfairly (relative to the Court's view of the confider's legitimate interests). We argue that this principle--by bringing fairness to bear on the scope of the duty of confidence rather than on whether a breach of it may be lawful--has no authority in usable precedents; that the Court's interpretation of fairness in applying this principle is, in any event, incompatible with the Data Protection Act 1998 (in part because the Court has too narrow a conception of privacy); that the Court errs in holding that neither anonymisation of personal data nor use of anonymous data falls under the Data Protection Act; and that the Court's insensitivity to the vulnerability that leads patients to disclose information about themselves to health professionals for their treatment, leads it to misidentify the basis of the duty of confidence in such disclosures. The Court of Appeal's reasoning does not clarify the duty of confidence, but virtually abolishes it in the face of competing commercial and research interests.     

Suburbia’s “Crime Experts”: The Neo-Conservatism of Control Theory and the Ethos of Crime

This essay tackles the relationship between morality and crime by way of the debate surrounding Travis Hirschi’s double contribution to so-called “control theory,” first as “social bonding theory,” and subsequently as a “general theory” of crime. The assessment conducted herein construes the first version of “control” as an expression of patriotism, and its late formulation, on account of its emphasis on varying individual levels of self-mastery, as an implicit reaffirmation of the inevitability of class division. Over the years, the fixation with “self-control” has become a rubric for the suburban anxieties of an upper-middle class surrounded by expanding (ghetto) poverty and plagued by familial dysfunction and the alienation of its own offspring. In the final analysis, these reflections form the basis for a general reformulation, inspired by the sociology of Thorstein Veblen, of the relationship between class and crime and condign punishment by leveraging the notion of ethos (a common mindset peculiar to each class), and proving thereby that crime is systematically determined by this very mindset, which is the spiritual complement to class formation, rather than by the conventionally classless categories of rational self-interest or idiosyncratic proneness to violence.     

Belief in a Just World as a Resource of Victimized Students

In a cross-sectional questionnaire study with N?=?2593 German students, aged between 12 and 17 years (M?=?14.1, SD?=?0.5), we investigated the relation between students’ personal belief in a just world (BJW) and their victimization in bullying situations. According to the just-world theory and research, we expected that the more strongly the students endorsed the personal BJW, the less likely they were to report being victimized by other students. We aimed to extend previous findings that failed to confirm this negative relation by considering students’ personal experience of teacher justice as a possible mediator in this relation, while statistically controlling for sex and school type. We further considered the nested data structure with regard to school classes in our analyses. The results of latent mediation analyses at the individual and group levels showed that the more the students endorsed personal BJW, the more they evaluated their teachers’ behavior toward them personally as being just, and the less likely they were to report that they were bullied. However, the students’ personal experience of teacher justice did not mediate the relation between personal BJW and victimization at the individual or group level when controlled for sex and school type. We discussed the adaptive functions of BJW and implications for future school research and practice.     

Legislative genesis and judicial death of a directive: The European Court of Justice invalidated the data retention directive (2006/24/EC) thereby creating a sustained period of legal uncertainty about the validity of national laws which enacted it

The Grand Chamber has ruled that the data retention directive was invalid ex tunc since it seriously interfered with the fundamental rights to respect for private life and protection of personal data and exceeded the limits of the principle of proportionality which are provided for in the Charter. The scope and temporal effects of this ruling should be clarified, especially its legal impacts on national laws of Member States which enacted the directive. In addition, the findings of the Grand Chamber on geographical safeguards have far-reaching implications on the retention and storage of personal data in the EU.     

Data protection in Europe – Some thoughts on reading the academic manifesto

The commentary by academics on the proposed European General Data Protection Regulation in [2013] 29 CLSR 180 has provoked thoughts in response. The responder strongly agrees with the doubts expressed about the definition of personal data, anonymisation and the identifiability of individuals. On the other hand, he disagrees with the views on consent and legitimacy and proposes support for a risk-based approach to data protection. He suggests that data protection does not need to be defended from the attack that it stifles business, but is justifiable for its assertion of fundamental rights. In conclusion, he shares the criticism of the European Commission's delegated and implementing powers and is concerned that the Regulation will be rushed to a conclusion for reasons of political ambition.     

The joined cases of Dwyer,SpaceNet and VD and SR before the European Court of Justice: The judgments of the Grand Chamber about data retention continue falling on deaf ears in Member States

On 5 April and 20 September 2022, the Grand Chamber of the European Court of Justice rendered three judgments in the cases of Dwyer, SpaceNet and VD and SR. It mainly reiterated its own applicable case law on the retention of and access to traffic and location data. In the VD and SR judgment, the Grand Chamber however expanded its scope to the area of market abuse.Legislation adopted by Member States and decisions rendered by most domestic courts, tribunals and judges do not fully comply with the case law of the Grand Chamber on the retention of and access to traffic and location data. In this particular context, the EU legislature should urgently adopt EU secondary legislation on the retention of personal data to provide legal clarity to all players involved.     

The right to data portability in the GDPR: Towards user-centric interoperability of digital services

The right to data portability is one of the most important novelties within the EU General Data Protection Regulation, both in terms of warranting control rights to data subjects and in terms of being found at the intersection between data protection and other fields of law (competition law, intellectual property, consumer protection, etc.). It constitutes, thus, a valuable case of development and diffusion of effective user-centric privacy enhancing technologies and a first tool to allow individuals to enjoy the immaterial wealth of their personal data in the data economy. Indeed, a free portability of personal data from one controller to another can be a strong tool for data subjects in order to foster competition of digital services and interoperability of platforms and in order to enhance controllership of individuals on their own data. However, the adopted formulation of the right to data portability in the GDPR could benefit from further clarification: several interpretations are possible, particularly with regard to the object of the right and its interrelation with other rights, potentially leading to additional challenges within its technical implementation. The aim of this article is to propose a first systematic interpretation of this new right, by suggesting a pragmatic and extensive approach, particularly taking advantage as much as possible of the interrelationship that this new legal provision can have with regard to the Digital Single Market and the fundamental rights of digital users. In sum, the right to data portability can be approximated under two different perspectives: the minimalist approach (the adieu scenario) and the empowering approach (the fusing scenario), which the authors consider highly preferable.     

Case commentary: anonymisation is not exoneration

This case commentary analyses a ruling that any use of information given in confidence for unconsented purposes is a breach of confidence capable of supporting a legal action (even if the information has previously been anonymised and aggregated). The ruling is being appealed. It is argued that, while it is reasonable to delineate a narrower duty of confidentiality (not to disclose personal information, against breach of which anonymisation protects), this must be within a broad duty of confidence (not to use private information, which using anonymous information can still breach). Thus, the ruling is fundamentally correct in holding that anonymisation does not permit information obtained in confidence to be used for unconsented purposes. This, however, implies that information obtained for a patient's treatment may not be used lawfully for medical research or NHS management purposes without consent, even if it is anonymised. Such a consequence is unacceptable as a matter of public policy. However, it is equally unacceptable to seek an exemption through the idea that patients give "implied consent" for medical research and NHS management purposes. It is also unacceptable to maintain that the public interest in medical research (regardless of its aims) justifies unconsented use of information obtained in confidence, even if the information is anonymised. The way in which Section 33 of the Data Protection Act 1998 creates an exemption to its Second Data Protection Principle provides a ready-made model for a public interest based exemption for medical research and statistical NHS purposes.     

Vulnerable data subjects

Discussion about vulnerable individuals and communities spread from research ethics to consumer law and human rights. According to many theoreticians and practitioners, the framework of vulnerability allows formulating an alternative language to articulate problems of inequality, power imbalances and social injustice. Building on this conceptualisation, we try to understand the role and potentiality of the notion of vulnerable data subjects. The starting point for this reflection is wide-ranging development, deployment and use of data-driven technologies that may pose substantial risks to human rights, the rule of law and social justice. Implementation of such technologies can lead to discrimination systematic marginalisation of different communities and the exploitation of people in particularly sensitive life situations. Considering those problems, we recognise the special role of personal data protection and call for its vulnerability-aware interpretation. This article makes three contributions. First, we examine how the notion of vulnerability is conceptualised and used in the philosophy, human rights and European law. We then confront those findings with the presence and interpretation of vulnerability in data protection law and discourse. Second, we identify two problematic dichotomies that emerge from the theoretical and practical application of this concept in data protection. Those dichotomies reflect the tensions within the definition and manifestation of vulnerability. To overcome limitations that arose from those two dichotomies we support the idea of layered vulnerability, which seems compatible with the GDPR and the risk-based approach. Finally, we outline how the notion of vulnerability can influence the interpretation of particular provisions in the GDPR. In this process, we focus on issues of consent, Data Protection Impact Assessment, the role of Data Protection Authorities, and the participation of data subjects in the decision making about data processing.     

Automated evaluation of approximate matching algorithms on real data

Bytewise approximate matching is a relatively new area within digital forensics, but its importance is growing quickly as practitioners are looking for fast methods to screen and analyze the increasing amounts of data in forensic investigations. The essential idea is to complement the use of cryptographic hash functions to detect data objects with bytewise identical representation with the capability to find objects with bytewise similar representations.Unlike cryptographic hash functions, which have been studied and tested for a long time, approximate matching ones are still in their early development stages and evaluation methodology is still evolving. Broadly, prior approaches have used either a human in the loop to manually evaluate the goodness of similarity matches on real world data, or controlled (pseudo-random) data to perform automated evaluation.This work's contribution is to introduce automated approximate matching evaluation on real data by relating approximate matching results to the longest common substring (LCS). Specifically, we introduce a computationally efficient LCS approximation and use it to obtain ground truth on the t5 set. Using the results, we evaluate three existing approximate matching schemes relative to LCS and analyze their performance.     

From social netizens to data citizens: Variations of GDPR awareness in 28 European countries

We study variability in General Data Protection Regulation (GDPR) awareness in relation to digital experience in the 28 European countries of EU27-UK, through secondary analysis of the Eurobarometer 91.2 survey conducted in March 2019 (N = 27,524). Education, occupation, and age are the strongest sociodemographic predictors of GDPR awareness, with little influence of gender, subjective economic well-being, or locality size. Digital experience is significantly and positively correlated with GDPR awareness in a linear model, but this relationship proves to be more complex when we examine it through a typological analysis. Using an exploratory k-means cluster analysis we identify four clusters of digital citizenship, across both dimensions of digital experience and GDPR awareness: the off-line citizens (22%), the social netizens (32%), the web citizens (17%), and the data citizens (29%). The off-line citizens rank lowest in internet use and GDPR awareness; the web citizens rank at about average values, while the data citizens rank highest in both digital experience and GDPR knowledge and use. The fourth identified cluster, the social netizens, have a discordant profile, with remarkably high social network use, below average online shopping experiences, and low GDPR awareness. Digitalization in human capital and general internet use is a strong country-level correlate of the national frequency of the data citizen type. Our results confirm previous studies of the low privacy awareness and skills associated with intense social media consumption, but we find that young generations are evenly divided between the rather carefree social netizens and the strongly invested data citizens. In order to achieve the full potential of the GDPR in changing surveillance practices while fostering consumer trust and responsible use of Big Data, policymakers should more effectively engage the digitally connected social netizens in the public debate over data use and protection. Moreover, they should enable all types of digital citizens to exercise their GDPR rights and to support the creation of value from data, while defending the right to protection of personal data.     

A Genetic Basis of Economic Egalitarianism

Studies of political attitudes and ideologies have sought to explain their origin. They have been assumed to be a result of political values ingrained during the process of socialization until early adulthood, as well as personal political experience, party affiliation, social strata, etc. As a consequence of these environment-dominated explanations, most biology-based accounts of political preference have never been considered. However, in the light of evidence accumulated in recent years, the view that political attitudes are detached from any physical properties became unsustainable. In this paper, we investigate the origins of social justice attitudes, with special focus on economic egalitarianism and its potential genetic basis. We use Minnesota Twin Study data from 2008, collected from samples of monozygotic and dizygotic twin pairs (n = 573) in order to estimate the additive genetic, shared environmental, and unique environmental components of social justice attitudes. Our results show that the large portion of the variance in a four-item economic egalitarianism scale can be attributed to genetic factor. At the same time, shared environment, as a socializing factor, has no significant effect. The effect of environment seems to be fully reserved for unique personal experience. Our findings further problematize a long-standing view that social justice attitudes are dominantly determined by socialization.     

Restorative Justice, Shame and Forgiveness

Restorative conferencing is a new style of criminal justice intervention which is being increasingly used in Britain, especially as a method of delivering police cautions to youth offenders.Is is currently the subject of a lively debate, focusing on its effectiveness as a method of crime reduction, its benefits tovictims, its feasibility in modern society, its effect upon procedural rights of arrestees, and the danger of it becoming a degradation ceremony. This paper seeks to extend the debate to include less obvious, but equally important, issues. The paper focuses on the processes of reintegrative shaming which, inspired by the work of John Braithwaite, are at the core of restorative conferencing. It places these processes in broader historical and cultural contexts, such as the re-emergence ofshame sanctions in the USA, the attack on the notion ofshame launched by cultural radicals, and the changes which have occurred historically in our emotional response to offenders.Three sets of questions emerge: What is the political –as distinct from penal – meaning of the practice of shaming offenders? How does the practice affect the progressive cultural aim of fuller realization of the individual? At what point doesforgiveness become less of a virtue, more of a vice?     

System Justification and the Meaning of Life: Are the Existential Benefits of Ideology Distributed Unequally Across Racial Groups?

In this research, we investigated the relations among system justification, religiosity, and subjective well-being in a sample of nationally representative low-income respondents in the United States. We hypothesized that ideological endorsement of the status quo would be associated with certain existential and other psychological benefits, but these would not necessarily be evenly distributed across racial groups. Results revealed that religiosity was positively associated with subjective well-being in general, but the relationship between system justification and well-being varied considerably as a function of racial group membership. For low-income European Americans, stronger endorsement of system justification as an ideology was associated with increased positive affect, decreased negative affect, and a wide range of existential benefits, including life satisfaction and a subjective sense of security, meaning, and mastery. These findings are consistent with the notion that system justification satisfies psychological needs for personal control and serves a palliative function for its adherents. However, many of these effects were considerably weakened or even reversed for African American respondents. Thus, the psychological benefits associated with religiosity existed for both racial groups, whereas the benefits of system justification were distributed unequally across racial groups.     

Political Expertise, Social Worldviews, and Ideology: Translating “Competitive Jungles” and “Dangerous Worlds” into Ideological Reality

The psychological bases of ideology have received renewed attention amid growing political polarization. Nevertheless, little research has examined how one’s understanding of political ideas might moderate the relationship between “pre-political” psychological variables and ideology. In this paper, we fill this gap by exploring how expertise influences citizens’ ability to select ideological orientations that match their psychologically rooted worldviews. We find that expertise strengthens the relationship between two basic social worldviews—competitive-jungle beliefs and dangerous-world beliefs and left–right self-placement. Moreover, expertise strengthens these relationships by boosting the impact of the worldviews on two intervening ideological attitude systems—social dominance orientation and right-wing authoritarianism. These results go beyond previous work on expertise and ideology, suggesting that expertise strengthens not only relationships between explicitly political attitudes but also the relationship between political attitudes and their psychological antecedents.