Are 'Pseudonymised' Data always Personal Data? Implications of the GDPR for Administrative Data Research in the UK
Miranda Mourby, Elaine Mackey, Mark Elliot, Heather Gowans, Susan E Wallace, Jessica Bell, Hannah Smith, Stergios Aidinlis, Jane Kaye
Computer Law & Security Review | Elsevier | Published : 2018
There has naturally been a good deal of discussion of the forthcoming General Data Protection Regulation. One issue of interest to all data controllers, and of particular concern for researchers, is whether the GDPR expands the scope of personal data through the introduction of the term ‘pseudonymisation’ in Article 4(5). If all data which have been ‘pseudonymised’ in the conventional sense of the word (e.g. key-coded) are to be treated as personal data, this would have serious implications for research. Administrative data research, which is carried out on data routinely collected and held by public authorities, would be particularly affected as the sharing of de-identiﬁed data could consti..View full abstract
Awarded by ESRC
The authors received support from the ESRC grant number ES/L007452/1 for the Administrative Data Service. The funders played no role in the writing of this article, or the decision to submit it for publication.