By Donrich Thaldar
Simply as Zeus, the King of the Gods in Greek mythology, assumed varied varieties to hide his true identification, so does trendy information usually bear transformations to masks its origins. Zeus might turn out to be a swan, a bull, and even golden rain to attain his functions — all whereas sustaining his essence. Equally, pseudonymization methods intention to change information sufficient to guard particular person privateness with out dropping the core data needed for analysis or evaluation. This entails changing information topics’ figuring out data in a dataset with distinctive codes, whereas retaining one other dataset that hyperlinks these information topics’ figuring out data with their allotted codes. Subsequently, simply as Zeus’ transformations have been typically seen by way of by eager eyes, pseudonymized information will be re-identified by these gaining access to the linking dataset.
Identifiability inside datasets has at all times been the cornerstone in figuring out if a dataset falls beneath the protecting umbrella of information safety legal guidelines. However whether or not context is related in making this dedication has been controversial. In different phrases, ought to the query of whether or not a dataset is identifiable be reply in a context-agnostic approach (no person wherever on the earth can establish the information topics within the dataset), or ought to or not it’s answered with regards to a particular context (within the palms of a particular individual, that individual can’t establish the information topics within the dataset)? This query has been on the coronary heart of a number of debates and even reached the steps of European courts. Only in the near past, within the landmark case of Single Decision Board v European Information Safety Supervisor, the European Information Safety Supervisor argued that even with pseudonymization, information topics usually are not really cloaked in anonymity. Why? As a result of someplace, tucked away, there exists a linking dataset that might probably unmask their identification. Nonetheless, the EU Normal Court docket, counting on an earlier case of Breyer v Federal Republic of Germany, held that identifiability ought to be seen by way of the lens of the actual context of the concerned occasion standing earlier than them in court docket. Thus, if such occasion doesn’t have lawful entry to the linking dataset, in its palms the pseudonymized dataset is seen as anonymized information, and the European information safety legislation doesn’t apply to it. Sad with this judgment, the European Information Safety Supervisor has filed an attraction. The attraction should nonetheless be heard within the EU Court docket of Justice.
All this litigation raises the query: How does South Africa’s Safety of Private Info Act (POPIA) take care of pseudonymized information? Though POPIA doesn’t explicitly check with pseudonymized information, I argue that it governs pseudonymized information in a context-specific approach, for 2 causes: First, POPIA’s take a look at for whether or not private data has been de-identified facilities round whether or not there’s a “moderately foreseeable technique” to re-identify the data. Reasonability in South African legislation is related to an goal, context-specific inquiry. Second, POPIA itself contemplates eventualities the place the identical dataset shall be identifiable in a single context, however not in one other.
A helpful technique to floor this theoretical dialogue is thru the instance of two hypothetical universities — College X and College Y — which might be engaged in collaborative analysis. College X collects well being information from members however instantly pseudonymizes it. The college retains a separate linking dataset that might re-identify the information if wanted. When this pseudonymized dataset is with College X, which additionally has the linking dataset, the information qualifies as “private data” beneath POPIA. Subsequently, any processing of this information, together with evaluation for analysis, should adjust to POPIA’s circumstances.
However what occurs when College X shares this pseudonymized dataset with College Y, which doesn’t obtain the linking dataset? The dataset shouldn’t be identifiable within the palms of College Y. In different phrases, College Y can course of this information with out falling beneath POPIA. Right here, a conundrum arises. When College X transfers the pseudonymized dataset to College Y, does it have to stick to POPIA’s guidelines for information switch? In any case, in the intervening time of switch, the pseudonymized dataset remains to be answerable for College X. Does this not imply that POPIA ought to apply to the switch? I recommend not. For the reason that act of switch is oriented in the direction of College Y (the recipient), and the pseudonymized dataset shouldn’t be identifiable within the palms of College Y, POPIA doesn’t apply to the act of transferring the pseudonymized dataset.
The context-specific interpretation of identifiability in POPIA opens the door for a extra nuanced understanding of information sharing, significantly in analysis collaborations. On the one hand, the establishment that collects, generates and pseudonymizes the information (College X) should adhere to POPIA’s provisions for all inside processing of the information — so long as it retains the potential to re-identify the information. Then again, the receiving entity (College Y) shouldn’t be sure by the identical necessities if it lacks the means to re-identify the information. This twin strategy appears to supply one of the best of each worlds: fostering collaborative analysis whereas upholding the ideas of information privateness.
Navigating the realm of information privateness is as intricate as deciphering the myriad types of a shape-shifting deity. However, at its core, the objective stays constant: defending the essence of identification, whether or not divine or digital. And as we transfer ahead, the hope is that we’ll discover a stability that respects each the hunt for data and the sanctity of identification.
