Skip to content

Anonymised Data and the Rule of Law


Daniel Groos, Evert-Ben van Veen


The scope of application of the GDPR is determined by whether data are personal data or not, hence are anonymous data. By still insisting on Opinion 5/2014 the EDPB ignores that in 2016 the CJEU gave a different test to decide whether data are anonymous or not. Our proposal with the six safes test builds on that decision and will also bring the rule of law back in another essential dimension, namely legal certainty. The factors which decide whether data are anonymous or not can be influenced by the holder of the data, while Opinion 5/2014 states that anonymous data can become personal data again because of amongst other things new statistical techniques.
Keywords: Anonymised data | rule of law | GDPR | EDPB

Daniel Groos, MLCF, the Netherlands. Evert-Ben van Veen, MLCF, the Netherlands. For correspondence: < >. Research for this paper was partially funded by two H2020 projects to which we contribute, RECAP-preterm (grant number 733280) and HEAP-Exposome (grant number 874662). Colleague Martin Boeckhout helped to sharpen the focus of this paper during an early discussion of its outline. Matti Rookus of the Netherlands Cancer Institute provided valuable support and the input for the reference on SNP’s. The two reviewers helped to improve the argument even though we might not agree completely. Their impartial contributions are greatly appreciated.


Lx-Number Search

(e.g. A | 000123 | 01)

Export Citation