Daniel Groos and Evert-Ben van Veen worked on a publication on anonymization under the GDPR data and the rule of law this summer. It will be published in the winter 2020 issue of the European Data Protection Law Review. A nice conclusion of a very challenging year in many respects for all of us.
Hereunder the abstract. You can download the preprint here.
The scope of application of the GDPR is determined by whether data are personal data or not, hence are anonymous data. By still insisting on Opinion 5/2014 the EDPB ignores that in 2016 the CJEU gave a different test to decide whether data are anonymous or not. Our proposal with the six safes test builds on that decision and will also bring the rule of law back in another essential dimension, namely legal certainty. The factors which decide whether data are anonymous or not can be influenced by the holder of the data, while Opinion 5/2014 states that anonymous data can become personal data again because of amongst other things new statistical techniques.