Commissioner Viviane Reding intervened in the Justice Council on March 8, 2013, on matters related to the adoption of the Data Protection Regulations. She referred among other things to the issue of pseudonymous data, saying that incentives should be created for companies to use such data instead of the names of the data subject. Nevertheless, Reding insisted that it should always be kept in mind that pseudonymous data is personal data and that it should be subject in general to the data protection legal regime.
“Anonymous data is easy to deal with. It is outside the scope of the instrument. There is no risk. The Commission’s proposal makes this clear.
Pseudonymous data is more difficult. I understand the principle. We should encourage companies to use pseudonyms rather than the actual names of persons. This makes sense. It is in the interest of citizens. For pseudonyms to be used, you need to create incentives. Lighter obligations on privacy by design or on notification of breaches are candidates.
The inclusion of a notion of pseudonymous data has also been suggested by the European Parliament’s Rapporteur, Jan-Philipp Albrecht. This demonstrates that there is convergence between the Council and the Parliament on key elements of this file.
But I would sound a note of caution: Pseudonymous data is personal data. It relates to an identified or identifiable natural person and has to be protected under the Charter and EU law. Risks to privacy remain and are real. A single piece of data such as an email address can create a link between a very accurate profile and a person. It is particularly important to keep this in mind since pseudonymous data is often used in the health sector.
So I am happy to work on the notion of pseudonymous data but I will be vigilant. We need a robust definition and robust safeguards. Pseudonymous data must not become a Trojan horse at the heart of the Regulation, allowing the non-application of its provisions.”
You can find the entire intervention HERE.