Isn't the GDPR pretty clear on this.
Paragraph 26 states:
"Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person."
As you are aware that the plan is to make the data identifiable in some fashion and then link this to additional datasets (which may I suppose assist the process of making the original data identifiable) then you can't really argue that the data is non- identifiable, particularly if one of the purposes of you providing the data is for it to be made identifiable. .
However the fact that the data is identifiable does not necessarily preclude you from handing it over. That said if the necessary legislative cover is not in place yet then you would be on dodgy ground. It would be safer to treat it as personal data and seek a relevant justification for sharing it.
Seth
Seth Speirs
Data Protection Officer
Public Prosecution Service
028 90264621
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Peter Dinsdale
Sent: 10 August 2018 10:52
To: [log in to unmask]
Subject: Re: [data-protection] Thursday Conundrum
Hmmm, this is a tricky one!!
In my view, if it's able to be made identifiable, then I think it has to contradict your postulate that the data is not identifiable.
Assuming that the future intention to make it identifiable is known by C at the time it is supplied to O, then confidentiality might well apply to it. Does the legal basis provide a justification for breaching confidentiality?
Regards,
Peter
Peter Dinsdale
Data Protection Consultant
Perfect Image /
T: 0191 238 0111
www.perfect-image.co.uk
Follow us on Twitter http://twitter.com/perfectimage
-----Original Message-----
From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Phil Bradshaw
Sent: 09 August 2018 15:56
To: [log in to unmask]
Subject: [data-protection] Thursday Conundrum
Postulate: C has a dataset A which is not currently identifiable data but if it was identifiable would be subject to a duty of confidentiality.
Dataset A is to be supplied to O.
Assume: O's current uses do not require identification and there is no reasonable possibility of re-identification.
HOWEVER
O's future intention is to make the data identifiable (big assumption that this can even be done without contradicting the postulate but go with it) and link it with other identifiable datasets B C and D. If that comes to fruition it will not be a breach of confidentiality at that time as the linkage and uses will have statutory authorization.
Q. Does this future intention to make the data identifiable destroy my postulate that the data is not identifiable - in which case it cannot be supplied now without breaching confidentiality (there is no suggestion of getting consent - explicit or implied).
My gut reaction is no - since when the change comes it will have a valid legal basis.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________________
________________________________
Save paper, please think twice before printing this email.
Equinox House | Cobalt 3.2 | Cobalt Business Park | Silver Fox Way | North Tyneside | Newcastle upon Tyne | NE27 0QJ T. 0191 238 0111 | F. 0191 238 0127 | Service Desk Direct Line. 0191 238 0121 Perfect Image Ltd. Registered in England & Wales. Company Registration Number: 2650067 Registered Office: Equinox House, Cobalt 3.2, Cobalt Business Park, Silver Fox Way, North Tyneside, Newcastle upon Tyne, NE27 0QJ
This e-mail is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not represent those of Perfect Image Ltd. If you are not the intended recipient, please notify us at [log in to unmask] and be advised that you have received this mail in error and that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|