Information Pseudonymization and POPIA – Invoice of Well being

By Donrich Thaldar

Simply as Zeus, the King of the Gods in Greek mythology, assumed varied kinds to hide his true id, so does trendy information typically endure transformations to masks its origins. Zeus might turn into a swan, a bull, and even golden rain to realize his functions — all whereas sustaining his essence. Equally, pseudonymization methods purpose to change information sufficient to guard particular person privateness with out dropping the core data obligatory for analysis or evaluation. This entails changing information topics’ figuring out data in a dataset with distinctive codes, whereas conserving one other dataset that hyperlinks these information topics’ figuring out data with their allotted codes. Subsequently, simply as Zeus’ transformations have been generally seen via by eager eyes, pseudonymized information could be re-identified by these gaining access to the linking dataset.

Identifiability inside datasets has all the time been the cornerstone in figuring out if a dataset falls underneath the protecting umbrella of information safety legal guidelines. However whether or not context is related in making this willpower has been controversial. In different phrases, ought to the query of whether or not a dataset is identifiable be reply in a context-agnostic manner (no one anyplace on the earth can determine the info topics within the dataset), or ought to or not it’s answered with regards to a particular context (within the arms of a particular individual, that individual can not determine the info topics within the dataset)? This query has been on the coronary heart of a number of debates and even reached the steps of European courts. Only in the near past, within the landmark case of Single Decision Board v European Information Safety Supervisor, the European Information Safety Supervisor argued that even with pseudonymization, information topics are usually not actually cloaked in anonymity. Why? As a result of someplace, tucked away, there exists a linking dataset that would doubtlessly unmask their id. Nevertheless, the EU Normal Courtroom, counting on an earlier case of Breyer v Federal Republic of Germany, held that identifiability must be seen via the lens of the actual context of the concerned celebration standing earlier than them in court docket. Thus, if such celebration doesn’t have lawful entry to the linking dataset, in its arms the pseudonymized dataset is considered as anonymized information, and the European information safety legislation doesn’t apply to it. Sad with this judgment, the European Information Safety Supervisor has filed an attraction. The attraction should nonetheless be heard within the EU Courtroom of Justice.

All this litigation raises the query: How does South Africa’s Safety of Private Info Act (POPIA) cope with pseudonymized information? Though POPIA doesn’t explicitly consult with pseudonymized information, I argue that it governs pseudonymized information in a context-specific manner, for 2 causes: First, POPIA’s take a look at for whether or not private data has been de-identified facilities round whether or not there’s a “fairly foreseeable technique” to re-identify the data. Reasonability in South African legislation is related to an goal, context-specific inquiry. Second, POPIA itself contemplates eventualities the place the identical dataset will probably be identifiable in a single context, however not in one other.

A helpful strategy to floor this theoretical dialogue is thru the instance of two hypothetical universities — College X and College Y — which can be engaged in collaborative analysis. College X collects well being information from contributors however instantly pseudonymizes it. The college retains a separate linking dataset that would re-identify the info if wanted. When this pseudonymized dataset is with College X, which additionally has the linking dataset, the info qualifies as “private data” underneath POPIA. Subsequently, any processing of this information, together with evaluation for analysis, should adjust to POPIA’s circumstances.

However what occurs when College X shares this pseudonymized dataset with College Y, which doesn’t obtain the linking dataset? The dataset will not be identifiable within the arms of College Y. In different phrases, College Y can course of this information with out falling underneath POPIA. Right here, a conundrum arises. When College X transfers the pseudonymized dataset to College Y, does it have to stick to POPIA’s guidelines for information switch? In spite of everything, in the mean time of switch, the pseudonymized dataset continues to be in charge of College X. Does this not imply that POPIA ought to apply to the switch? I counsel not. Because the act of switch is oriented in the direction of College Y (the recipient), and the pseudonymized dataset will not be identifiable within the arms of College Y, POPIA doesn’t apply to the act of transferring the pseudonymized dataset.

The context-specific interpretation of identifiability in POPIA opens the door for a extra nuanced understanding of information sharing, notably in analysis collaborations. On the one hand, the establishment that collects, generates and pseudonymizes the info (College X) should adhere to POPIA’s provisions for all inside processing of the info — so long as it retains the aptitude to re-identify the info. Alternatively, the receiving entity (College Y) will not be sure by the identical necessities if it lacks the means to re-identify the info. This twin strategy appears to supply the very best of each worlds: fostering collaborative analysis whereas upholding the ideas of information privateness.

Navigating the realm of information privateness is as intricate as deciphering the myriad types of a shape-shifting deity. However, at its core, the purpose stays constant: defending the essence of id, whether or not divine or digital. And as we transfer ahead, the hope is that we are going to discover a steadiness that respects each the search for information and the sanctity of id.

Associated