De-identification as public policy
Gilad L. Rosner
Additional contact information
Gilad L. Rosner: Founder, IoT Privacy Forum, UK
Journal of Data Protection & Privacy, 2020, vol. 3, issue 3, 250-267
Abstract:
Canada’s data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), does not require or incentivise de-identification of personal data for purposes of sharing or research. This regulatory lacuna puts Canadian national law at a disadvantage in contrast with the privacy regimes of other countries, such as the United Kingdom, Australia and the United States, all of which have regulatory language requiring or incentivising de-identification by custodians of personal data. This paper is based on a report commissioned by the Office of the Privacy Commissioner of Canada in service of eventual reform of PIPEDA to include de-identification. The paper addresses terminology, definitions, key debates and policy in other jurisdictions. It recommends legal reform, specific regulatory actions, and investigation of emerging policy strategies and lists remaining open questions for the development of a national Canadian de-identification policy. Chief among these recommendations is a reorientation from a regulatory focus on ‘outputs’ (‘Is the dataset rendered anonymous?’) to a focus on ‘process’ (‘Has the data custodian taken proper steps to reduce identification and privacy risks?’). In part, this is based on a rejection of the possibility of ‘irreversible anonymisation’. Relatedly, the paper argues for requiring a risk management approach to de-identification and for the discouragement of the ‘release-and-forget’ model of data disclosure, which relies only on data transformations while ignoring technical, physical, administrative and contractual controls.
Keywords: de-identification; PIPEDA; Canadian law; data protection; anonymisation; risk management
JEL-codes: K2
Date: 2020
Downloads:
https://hstalks.com/article/5707/download/ (application/pdf)
https://hstalks.com/article/5707/ (text/html)
Requires a paid subscription for full access.
Persistent link: https://EconPapers.repec.org/RePEc:aza:jdpp00:y:2020:v:3:i:3:p:250-267