By Donrich Thaldar
Simply as Zeus, the King of the Gods in Greek mythology, assumed numerous types to hide his true identification, so does fashionable information typically bear transformations to masks its origins. Zeus might turn into a swan, a bull, and even golden rain to realize his functions — all whereas sustaining his essence. Equally, pseudonymization strategies goal to change information sufficient to guard particular person privateness with out dropping the core data vital for analysis or evaluation. This entails changing information topics’ figuring out data in a dataset with distinctive codes, whereas maintaining one other dataset that hyperlinks these information topics’ figuring out data with their allotted codes. Due to this fact, simply as Zeus’ transformations had been generally seen by way of by eager eyes, pseudonymized information may be re-identified by these accessing the linking dataset.
Identifiability inside datasets has all the time been the cornerstone in figuring out if a dataset falls below the protecting umbrella of information safety legal guidelines. However whether or not context is related in making this willpower has been controversial. In different phrases, ought to the query of whether or not a dataset is identifiable be reply in a context-agnostic manner (no one wherever on the planet can establish the info topics within the dataset), or ought to or not it’s answered on the subject of a selected context (within the fingers of a selected particular person, that particular person can not establish the info topics within the dataset)? This query has been on the coronary heart of a number of debates and even reached the steps of European courts. Only recently, within the landmark case of Single Decision Board v European Knowledge Safety Supervisor, the European Knowledge Safety Supervisor argued that even with pseudonymization, information topics will not be really cloaked in anonymity. Why? As a result of someplace, tucked away, there exists a linking dataset that might doubtlessly unmask their identification. Nevertheless, the EU Basic Courtroom, counting on an earlier case of Breyer v Federal Republic of Germany, held that identifiability must be seen by way of the lens of the actual context of the concerned celebration standing earlier than them in court docket. Thus, if such celebration doesn’t have lawful entry to the linking dataset, in its fingers the pseudonymized dataset is considered as anonymized information, and the European information safety legislation doesn’t apply to it. Sad with this judgment, the European Knowledge Safety Supervisor has filed an enchantment. The enchantment should nonetheless be heard within the EU Courtroom of Justice.
All this litigation raises the query: How does South Africa’s Safety of Private Info Act (POPIA) cope with pseudonymized information? Though POPIA doesn’t explicitly consult with pseudonymized information, I argue that it governs pseudonymized information in a context-specific manner, for 2 causes: First, POPIA’s check for whether or not private data has been de-identified facilities round whether or not there’s a “moderately foreseeable methodology” to re-identify the data. Reasonability in South African legislation is related to an goal, context-specific inquiry. Second, POPIA itself contemplates eventualities the place the identical dataset will probably be identifiable in a single context, however not in one other.
A helpful technique to floor this theoretical dialogue is thru the instance of two hypothetical universities — College X and College Y — which can be engaged in collaborative analysis. College X collects well being information from contributors however instantly pseudonymizes it. The college retains a separate linking dataset that might re-identify the info if wanted. When this pseudonymized dataset is with College X, which additionally has the linking dataset, the info qualifies as “private data” below POPIA. Due to this fact, any processing of this information, together with evaluation for analysis, should adjust to POPIA’s situations.
However what occurs when College X shares this pseudonymized dataset with College Y, which doesn’t obtain the linking dataset? The dataset just isn’t identifiable within the fingers of College Y. In different phrases, College Y can course of this information with out falling below POPIA. Right here, a conundrum arises. When College X transfers the pseudonymized dataset to College Y, does it have to stick to POPIA’s guidelines for information switch? In spite of everything, in the intervening time of switch, the pseudonymized dataset continues to be in charge of College X. Does this not imply that POPIA ought to apply to the switch? I recommend not. For the reason that act of switch is oriented in the direction of College Y (the recipient), and the pseudonymized dataset just isn’t identifiable within the fingers of College Y, POPIA doesn’t apply to the act of transferring the pseudonymized dataset.
The context-specific interpretation of identifiability in POPIA opens the door for a extra nuanced understanding of information sharing, notably in analysis collaborations. On the one hand, the establishment that collects, generates and pseudonymizes the info (College X) should adhere to POPIA’s provisions for all inside processing of the info — so long as it retains the aptitude to re-identify the info. However, the receiving entity (College Y) just isn’t certain by the identical necessities if it lacks the means to re-identify the info. This twin strategy appears to supply the perfect of each worlds: fostering collaborative analysis whereas upholding the ideas of information privateness.
Navigating the realm of information privateness is as intricate as deciphering the myriad types of a shape-shifting deity. However, at its core, the objective stays constant: defending the essence of identification, whether or not divine or digital. And as we transfer ahead, the hope is that we’ll discover a stability that respects each the hunt for data and the sanctity of identification.
