 Does de-identification require consent under the GDPR and English common law?Khaled El Emam,
Mike Hintze and
Ruth Boardman
Journal of Data Protection & Privacy, 2020, vol. 3, issue 3, 291-298 Abstract: Data de-identification has many benefits in the context of the General Data Protection Regulation (GDPR). One of the recurring questions is whether consent is required to anonymise or de-identify data. In this paper, the authors make the case that no consent is required for anonymisation or other forms of de-identification under the GDPR, although additional conditions have to be met where special category data is anonymised. Further, under the English equitable duty of confidentiality, consent is generally not required if the de-identification is performed by the direct care team or on behalf of the direct care team; it is arguable that de-identification can also be performed by others outside of the direct care team, but less clear. The alternative would be special authorisation under section 251 of the National Health Service (NHS) Act. Keywords: Privacy-enhancing technologies; de-identification; anonymisation; consent; secondary purposes; data sharing; General Data Protection Regulation Compliance; English common law (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:aza:jdpp00:y:2020:v:3:i:3:p:291-298 Access Statistics for this article More articles in Journal of Data Protection & Privacy from Henry Stewart Publications |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.