Retency technology & compliance

  • 9 Mai 2017
  • Technology
Cover image

Retency deep anonymization technology was validated by the French Privacy Regulator as fully compliant to European Community's anonymization criteria.

Context

A set of personal data is de-identified (or deeply anonymized) when it is impossible to deduct, directly or indirectly, any individual information. In contrary to a popular belief, pseudonymization (hashing of direct identifiers such as name or email address) is not a deep anonymization method.

In its 05/2014 opinion, the G29 group of European Privacy regulators defined three privacy guarantees that must be provided by any true anonymization technique:
  • Resistance to singling-out: it most not be possible to deduce information about a single individual from an anonymized database, notably from a too rare combination of attributes;
  • Linkability: it must not be possible to deduce information about a single individual by looking for associations or correlations with an external database;
  • Inference: it must not be possible to deduce general rules which could be applied, with a good degree of probability, to any single individual.

In the same document, the G29 also declared that anonymization is not achieved by commonly used techniques such as pseudonymization of even destruction of primary identifiers, data generalization (K-anonymity, L-diversity) or noise addition.

True anonymization, compliant to G29 criteria, is a much more demanding data science objective.

Retency

Retency was granted by the French Privacy Regulator a positive assessment of its core anonymization process, as compliant to all three G29 criteria, in the context of collecting and processing personal geo-localizing identifiers without individual consent. It is the same core technology that is used within Retency Privacy Engine.

A summary table is provided below. It contains:
  • The assessment of compliance to anonymization criteria of basic techniques published by the G20 European privacy regulators.
  • The assessment regarding Retency technology against the same criteria, published by the privacy regulator in the context a an initial roll-out.
Image
Plus d'articles