07 Monir Azraoui en

The document discusses the concept of pseudonymisation in relation to GDPR, highlighting its definition and distinction from anonymisation. It presents findings from audits revealing both bad practices and good practices among data controllers, emphasizing the need for proper implementation and understanding of pseudonymisation techniques. Recommendations include evaluating pseudonymisation procedures, implementing tailored privacy measures, and assessing re-identification risks.

Pseudonymisation:

Feedback from the CNIL


Monir Azraoui – CNIL
Technology expert
December 9th, 2021
About the CNIL: Missions
Informs & Protects
Supports & Guides
Audits & Sanctions
Anticipates & Encourages Innovation

Team of +200 Law & Technology experts

Monir Azraoui - CNIL - mazraoui (at) cnil (dot) fr 2


Pseudonymisation in the GDPR
Pseudonymisation

Recital (26):
Personal data which have undergone pseudonymisation, which could be attributed to a
natural person by the use of additional information should be considered to be
information on an identifiable natural person.

Article 4 (5):
'pseudonymisation' means the processing of personal data in such a manner that the
personal data can no longer be attributed to a specific data subject without the use of
additional information, provided that such additional information is kept separately and is
subject to technical and organisational measures to ensure that the personal data are not
attributed to an identified or identifiable natural person



PSEUDONYMISATION VS. ANONYMISATION

[Figure: three panels, each drawn with the labels "Anonymised data", "Personal data", "Pseudonymised data" and "GDPR", titled:
  HOW DATA CONTROLLERS SEE IT
  HOW THE GDPR SEES IT
  WHAT DATA CONTROLLERS WANT]


Audits reveal bad practices…
Ex-post audits to check whether DCs comply with the law

Misunderstanding of pseudonymisation/anonymisation
  Hashing as an anonymisation mechanism (name → hash)
  Removing direct identifiers as an anonymisation mechanism:

    name  job     city    car
    XXX   lawyer  Cannes  Jaguar
    YYY   doctor  Nice    Lexus

Bad implementation of pseudonymisation mechanisms
  Weak cryptographic keys
  No plan to refresh cryptographic keys
  Obsolete hashing algorithms (SHA-1, MD5)

Inadequate measures to protect "additional information"
  No technical measures to protect secrets/additional info
  No organisational measures to ensure confidentiality of secrets/additional info


… and good practices!
Ex-post audits to check whether DCs comply with the law

Secure storage of cryptographic keys or secrets
Plan to refresh cryptographic keys
Re-identification risk analysis performed (risks vs. data: k-anonymity, l-diversity)

    name  job     city    car
    XXX   lawyer  France  Jaguar
    YYY   doctor  France  Lexus

Protection of "additional information"
Encryption of pseudonymised files
Combination of pseudonymisation with other security techniques
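The two tables above (direct identifiers removed, then city generalised to country) are the kind of input a re-identification risk analysis looks at. The following is an added example, not code from the CNIL slides: it computes k-anonymity and l-diversity over a set of quasi-identifiers on constructed records, with a hypothetical city-to-country generalisation.

```python
# Added example, not from the CNIL slides: measuring k-anonymity and
# l-diversity over quasi-identifiers after direct identifiers are removed.
from collections import defaultdict

# Constructed sample records (hypothetical people); the "name" column has
# already been dropped, which on its own is not anonymisation.
RECORDS = [
    {"job": "lawyer", "city": "Cannes", "car": "Jaguar"},
    {"job": "doctor", "city": "Nice", "car": "Lexus"},
    {"job": "lawyer", "city": "Antibes", "car": "Tesla"},
    {"job": "doctor", "city": "Menton", "car": "Lexus"},
]

# Generalisation hierarchy (constructed): city -> country.
CITY_TO_COUNTRY = {"Cannes": "France", "Nice": "France",
                   "Antibes": "France", "Menton": "France"}


def generalise_city(records):
    """Replace each city by its country, as in the slide's France table."""
    return [dict(r, city=CITY_TO_COUNTRY.get(r["city"], "unknown"))
            for r in records]


def equivalence_classes(records, quasi_ids):
    """Group records that share the same quasi-identifier values."""
    classes = defaultdict(list)
    for r in records:
        classes[tuple(r[q] for q in quasi_ids)].append(r)
    return classes


def k_anonymity(records, quasi_ids):
    """Size of the smallest equivalence class; k == 1 means someone is unique."""
    return min(len(c) for c in equivalence_classes(records, quasi_ids).values())


def l_diversity(records, quasi_ids, sensitive):
    """Fewest distinct sensitive values inside any equivalence class."""
    return min(len({r[sensitive] for r in c})
               for c in equivalence_classes(records, quasi_ids).values())


if __name__ == "__main__":
    qi = ("job", "city")
    print("raw table      k =", k_anonymity(RECORDS, qi))
    gen = generalise_city(RECORDS)
    print("city->country  k =", k_anonymity(gen, qi),
          " l(car) =", l_diversity(gen, qi, "car"))
```

On these records generalising the city raises k from 1 to 2, but the "doctor" class still has a single car value, so l-diversity stays at 1 and that attribute remains disclosed.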


RELEVANT USE CASES



Use Case #1: partitioning data
Police records transcription



Use Case #2: 2-level pseudonymisation
French Health Insurance Information System

[Diagram: Sources of data → Level 1 → Level 2 → French Health Insurance Fund]
  Sources of data (each holding SSN, DoB, gender):
    General regime   → Level-1 pseudonym
    Special regime   → Level-1 pseudonym
    Health care data → Level-1 pseudonym
  Level 2: Level-1 pseudonym → Level-2 pseudonym
  French Health Insurance Fund: Database (keyed by Level-2 pseudonym)
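The chain in the diagram can be modelled as two keyed hashes held by different parties. This is an added example and not the French Health Insurance system's own code; the key values, the "|" encoding of SSN, DoB and gender, and the sample records are constructed assumptions.

```python
# Added example, not the French Health Insurance system's own code: a
# two-level pseudonymisation chain. Level 1 is computed by each data source
# with a key the sources share; level 2 is computed by the fund with a key
# only it holds. The fund never receives SSN, DoB or gender.
import hashlib
import hmac

KEY_LEVEL1 = b"constructed-key-shared-by-data-sources"  # hypothetical value
KEY_LEVEL2 = b"constructed-key-held-by-the-fund-only"   # hypothetical value


def keyed_pseudonym(key: bytes, value: str) -> str:
    """HMAC-SHA256 pseudonym; without the key it cannot be recomputed."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def source_export(key1: bytes, records: list) -> list:
    """Level 1, run at each source: identifiers -> Level-1 pseudonym."""
    out = []
    for r in records:
        ident = "|".join((r["ssn"], r["dob"], r["gender"]))
        payload = {k: v for k, v in r.items() if k not in ("ssn", "dob", "gender")}
        out.append({"p1": keyed_pseudonym(key1, ident), **payload})
    return out


def fund_ingest(key2: bytes, exports: list) -> list:
    """Level 2, run at the fund: Level-1 pseudonym -> Level-2 pseudonym."""
    return [{"p2": keyed_pseudonym(key2, e["p1"]),
             **{k: v for k, v in e.items() if k != "p1"}} for e in exports]


# Constructed sample records: the same person appears in two sources.
GENERAL_REGIME = [{"ssn": "1850112345678", "dob": "1985-01-01", "gender": "M",
                   "regime": "general"}]
HEALTH_CARE = [{"ssn": "1850112345678", "dob": "1985-01-01", "gender": "M",
                "act": "consultation"}]


def build_database() -> list:
    """Sources export Level-1 rows; the fund links them under Level-2 pseudonyms."""
    exports = (source_export(KEY_LEVEL1, GENERAL_REGIME)
               + source_export(KEY_LEVEL1, HEALTH_CARE))
    return fund_ingest(KEY_LEVEL2, exports)
```

Because both sources use the same level-1 key, the fund can link the two rows of one person without ever holding the SSN; the level-1 pseudonym is the "additional information" that must stay separated and protected.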


Use case #3: hashing and key splitting
Ticketing data in public transportation systems (fraud)

[Diagram: Validation data + Secret key → Cryptographic hash function → Pseudonymised data; the Secret key is split into Key shares]
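One way to realise the diagram above, as an added example that is not the slides' or any transport operator's code: validation data is pseudonymised with a keyed hash, and the secret key is split into n-of-n XOR shares so no single custodian can recompute pseudonyms alone. The card identifier, the validation event fields and the share count are constructed assumptions.

```python
# Added example, not from the slides or any transport operator's code: a
# keyed hash pseudonymises validation data, and the secret key is split into
# XOR shares so that no single holder can recompute pseudonyms alone.
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b), "shares must have the key's length"
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list:
    """n-of-n XOR secret sharing: n-1 random shares, last = key XOR the rest."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]


def reconstruct_key(shares: list) -> bytes:
    """XOR all shares back together; with a share missing only noise remains."""
    key = bytes(len(shares[0]))
    for s in shares:
        key = xor_bytes(key, s)
    return key


def pseudonymise_validation(key: bytes, card_id: str, validation: dict) -> dict:
    """Replace the card identifier by a keyed hash, keep the event fields."""
    token = hmac.new(key, card_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"card_pseudonym": token, **validation}


# Constructed sample (hypothetical card and validation event).
CARD_ID = "card-0001"
VALIDATION = {"station": "A", "time": "2021-12-09T08:15:00"}


def demo() -> tuple:
    """Split a fresh key among three custodians, rebuild it, pseudonymise."""
    key = secrets.token_bytes(32)
    shares = split_key(key, 3)          # e.g. three separate custodians
    rebuilt = reconstruct_key(shares)   # all three present at processing time
    return (pseudonymise_validation(key, CARD_ID, VALIDATION),
            pseudonymise_validation(rebuilt, CARD_ID, VALIDATION))
```

Refreshing the key (a good practice from the audit slides) simply means generating a new key, re-splitting it, and accepting that old and new pseudonyms for the same card no longer link.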


Main takeaways & Recommendations
Pseudonymisation is often mistaken for anonymisation by DCs
Misunderstanding of the benefits of pseudonymisation by DCs

Practical pseudonymisation: a variety of techniques

Have your pseudonymisation procedure evaluated by experts
Implement privacy & security measures tailored to your processing
Determine the residual risks of re-identification


THANK YOU
