understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border
« Technologies of Identification: Geospatial Systems and Locational Privacy | Main | Data Security: Quit collecting it if you cannot protect it! »

Anonymity: a relative and functional concept

posted by:Giusella Finocchiaro // 11:59 PM // November 07, 2006 // ID TRAIL MIX

trailmixbanner.gif

Anonymous data are extremely relevant in Italian and European legislation: in fact, these data are not subject to the laws regarding processing of personal data. This is stated, for instance, by the recital no. 26 of the European Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Moreover, anonymity represents the best way to protect privacy and personal data, as has been affirmed on several occasion by the European Commission and the European Council.

Qualifying anonymous data is not, however, a simple operation.

Anonymous is, in the common language, a term which evokes an absolute concept: without name.

This concept of anonymity as namelessness, as the origin of the word reveals, by definition excludes the identity of the subject to which it refers.

That which is anonymous is therefore faceless and without identity. Anonymity is a concept which evokes an absolute lack of connection between a fact or an act and a person.

However, anonymity is often relative to specific facts, specific subjects and specific purposes.

A composition, for instance, may be anonymous for some but not for others, depending whether or not they know the author.

So the right to be anonymous, when recognized, refers to certain subjects, in predefined circumstances and for specific occasions, which can be specified by the law.

In the Italian law the anonymous data are defined as being data which in origin or after being processed “cannot be associated with an identified or identifiable data subject”. Data can be originally anonymous or can be treated so as be made anonymous.

The key point of the article is the sentence “cannot be associated”. In which cases can be deemed that data cannot be associated with a subject? Must this be a physical or a technological impossibility? Whether this has to be absolute or relative, has already been clarified by the Recommendation of the Council of Europe No. R (97) 5 on medical data protection, where it is stated that information cannot be considered identifiable if identification requires an unreasonable amount of time and manpower. In case where the individual is not identifiable, the data are referred to as anonymous.

On the contrary, the definition of “personal data” as stated by Italian Law, is “any information relating to natural or legal persons, bodies or associations that are or can be identified, even indirectly, by reference to any other information including a personal identification number” , while the definition given by the European directive is the following: “any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.
In both definitions the criterion is not only the reference but also the possibility to refer information to a data subject. This referability is measured in relation to the time, cost and technical means necessary to achieve it. The value and sensitivity of the information should also be taken into account. For example, medical data should require a high level of protection. Relating the information and the subject, to which it refers is a technical possibility; however the legality of this depends on legal and contractual boundaries.

Relativity is therefore central to the definition: data can be anonymous for some, but not for others.

Likewise for functionality, data can be anonymous for certain uses but others not so.

In conclusion, as personal data can be legally processed only for specified purposes by authorised persons, data can be anonymous only for certain people under pre-defined conditions. Therefore anonymity in processing of personal data is not an absolute concept: it is, instead, a relative and functional concept.

Giusella Finocchiaro is a Professor of internet law and private law at the University of Bologna, Italy.

Comments

Thanks for this informative piece, Giusella. I think you are entirely right to emphasize the relativity anonymity. Indeed, I think the point about relativity applies even to the broader concept of privacy (assuming that anonymity is just one particular kind of privacy).

Canadian law, like the Italian law you mention, also ties personal information (non-anonymous data) to identifiability: In Canada, both the Privacy Act and the Personal Information Protection and Electronic Documents Act characterize personal information as information about an identifiable individual. But both of these acts also characterize personal information as information that has been *stored* in some significant sense -- information about an identifiable individual that has been "recorded" or "collected." The implication seems to be that, as long as information about an identifiable individual has not been stored, it doesn't count as personal information subject to the protections of Canadian law. I wonder: Does Italian law contain anything like this storage condition on personal information?

Thanks again.

Posted by: David Matheson at November 9, 2006 11:32 AM

Post a comment




Remember Me?


main display area bottom border

.:privacy:. | .:contact:.


This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada