-
Iām not any kind of expert, but I would assume that advances in AI would mean that personal data held under a pseudonym would / could be easily identified in such a large data set if you really wanted to. For example, male, south London, partial postcode SW1 first GP record in x part of England in 1975, sickness history of x, y and z aged 37,42 and 47, obsessive cycling disorder diagnosed (ok I made the last one up) might get you close to me. (Although I can see why the data set would be really helpful to research and I would support that) Iām nervous over the third party (eg life insurance cover) use
Silver-fox-
Yes. And in this example it'd be even easier to identify you if you lived in a much more sparsely populated postcode. But then maybe you 'fuzz' geographic (or other) info in the data set so that it can never point to fewer than say 1000 people. But that might reduce its usefulness in a particular method of vaccination effectiveness tracking....
(This isn't my specific area of GDPR, I look at a small part of customer record handling for a large company. But it's taken years, a lot of money, lawyers and consultation with EU/UK regulators etc to get from GDPR policy to high level rules that can be applied, let alone actually implementing them).
-
Think the problem is referred to as k-anonymity.
chez_jay
ššØšš”
GDPR is about personal data, which pretty much means personally-identifiable data. And it's aimed at commercial organisations, and very general in most areas. Then anonymisation of bulk data is a complex subject in its own right...