Protecting your Data with Pseudonymization: What are the benefits?

Beyond being an exercise in diction, the pseudonymization proposed under the GDPR (General Data Protection Regulation) is an interesting alternative to anonymization, in the possible reuse of data.

According to the Médiamétrie Observatory Web study, eight out of ten Internet users agree to share their personal data, 85% for users of tablets or connected TVs. Two prerequisites for this sharing: that there is a prior relationship between the Internet user and the brand on the one hand, and on the other hand that the latter finds an interest in it, such as benefiting from a promotional offer, ‘a good plan or an exclusivity,.

It is also at the heart of the General Data Protection Regulation (GDPR), one of the measures of which concerns pseudonymization to limit the risks associated with the processing of personal data.

Pseudonymization vs anonymization
Pseudonymization, anonymization, two notions that are phonetically close but nevertheless not to be confused. According to the Cnil, “anonymisation is a processing operation which consists of using a set of techniques in such a way as to make it impossible, in practice, to identify the person by any means whatsoever and irreversibly”. The reversible nature of data concealment is precisely all the difference with pseudonymization. In this case, it is simply a question of “processing of personal data carried out in such a way that data relating to a natural person can no longer be assigned without recourse to additional information”.

Pseudonymization techniques and best practices by the European Union Agency for Cybersecurity.

How to pseudonymize?
Pseudonymisation consists in replacing the directly identifying personal data of an individual with indirectly identifying data (alias, number in a classification, etc.). Clearly, personal data, for example name, address, an identification number, are replaced by an alias, a sequence of numbers or letters. To automate and secure this concealment, secret key cryptographic systems, hash functions, deterministic encryption or even tokenization can be used. Nevertheless, pseudonymization does not represent an infallible protection, because the identity of an individual can also be deduced from a combination of several pieces of information called quasi-identifiers (age, location, etc.)

Why pseudonymise?
Pseudonymization makes it possible to develop analytical activities, research or statistical projects, without risk of abuse. So what is the point of pseudonymization rather than anonymizing? The two concepts have two major differences. Legally, pseudonymized data is always considered personal data.

Anonymization allows actors to use and share their data “deposit”, and this, beyond their retention period because the legislation relating to data protection no longer applies. In terms of security, unlike pseudonymization, it therefore guarantees total protection of personal data. But the significant loss of information limits the possible reuse of data. Hence the attractive alternative of pseudonymization, provided sufficient protection is guaranteed.

 

Newer Articles

• Banking Malware that steals Personal Data
• Mistakes To Avoid When You Are Looking For The Best Life Insurance Policy
• Travel Around the World in One Hour on Mach 9

Older Articles

• New Technologies: From an Electric Car to Low-carbon Future 
• Microlino: Electric Car with Ultra-compact dimensions and Neo-retro style
•  Augmented Reality applied to Poker