Journal article

Are 'Pseudonymised' Data always Personal Data? Implications of the GDPR for Administrative Data Research in the UK

Miranda Mourby, Elaine Mackey, Mark Elliot, Heather Gowans, Susan E Wallace, Jessica Bell, Hannah Smith, Stergios Aidinlis, Jane Kaye

Computer Law & Security Review | Elsevier | Published : 2018


There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identified data could consti..

View full abstract

University of Melbourne Researchers


Awarded by ESRC

Funding Acknowledgements

The authors received support from the ESRC grant number ES/L007452/1 for the Administrative Data Service. The funders played no role in the writing of this article, or the decision to submit it for publication.