Campaigners call on ICO for anonymised data rethink

This statement has prompted concerns from Alexander Hanff, managing director of consultancy firm Think Privacy, who claims the DPA should cover anonymised data.

IT Pro has been sent a copy of a letter Hanff sent to the Information Commissioner, Christopher Graham, outlining his concerns, earlier today.

"For any data to be traded, it must be collected and processed and the processing of said data is governed by the DPA and [the] Privacy and Electronics Communications Regulations," wrote Hanff.

"Your declaration that such activities fall beyond the reach of the DPA effectively removes all protection for consumers with regards to the collection and tracking of information online."

He also claims that anonymous data is "rarely anonymous," especially in cases where pseudonyms are used to protect the person whose data it is.

"Often the case is that it [gives]...users a unique identifier in place of traditional identifiers, such as their real name [and] it is trivial to "de-anoym[ise] such data."

This is also an area of concern for Nick Pickles, director of privacy and civil liberties campaign group Big Brother Watch.

"Current thinking appears to see data sets in isolation, rather than questioning if personal information could be re-identified when combined with entirely separate datasets," he said.

"The potential for seemingly irrelevant datasets to be combined to generate incredibly specific personal profiles means any steps towards accepting anonymisation need to be taken very carefully and very slowly."

Speaking to IT Pro, Wood added the DPA will still apply to the use of anonymised data in certain situations.

"If a dataset is disclosed in an anonymised form and a third party can crack it in a way that the originator had not realised, that person would have to comply with the Data Protection Act and could be found in breach of the legislation," explained Wood.