Spain’s data protection authority, the Agencia Española de Protección de Datos, published guidance for anonymizing data. The guidance called for a trained professional to handle the anonymization of a personal data set who also has experience in reidentification attacks. Even though “residual probability” of reidentification will always exist, a data controller must apply accountability to the anonymization process “with appropriate measures to ensure compliance taking into account the nature, context, scope, purposes and risks to rights and freedoms” of the data being reidentified.
24 Feb. 2023
AEPD issues guidance for anonymization
RELATED STORIES
What to know about the new Canadian government PIA standard
Notes from the IAPP Canada: 'The Debaters' battle it out over privacy
A view from DC: What does a second Trump presidency mean for privacy, AI governance?
A view from Brussels: Global Privacy Assembly explores the 'Power of i'
What the US election results may mean for digital policy
