Book contents
- Frontmatter
- Acknowledgements
- Contents
- Introduction
- PART I CHANGING HEALTHCARE SYSTEMS
- PART II THE PATIENT’S RIGHT TO DATA PROTECTION. UNDERSTANDING THE LEGAL CONTEXT
- PART III PROTECTIVE AND EMPOWERING MECHANISMS IN EUROPEAN DATA PROTECTION LAW. AN ASSESSMENT OF INFORMED CONSENT, ANONYMISATION AND PURPOSE LIMITATION
- PART IV CONCLUDING REMARKS AND RECOMMENDATIONS FOR THE FUTURE
- List of Abbreviations
- Bibliography
- KU Leuven Centre for IT & IP Law
Chapter II - The Obligation for Data Minimisation through Anonymisation
Published online by Cambridge University Press: 25 May 2021
Summary
Introduction – In Part II, it was described how, despite an upcoming post-privacy movement, the European Union opted for a robust data protection framework. Inherently, the choice for a robust, overarching and technology-neutral General Data Protection Regulation entailed the choice for limitations on the use of personal data, even when measures to avoid identification or re-identification are taken. Data protection law establishes boundaries for personal data processing based on a set of fundamental ‘back-bone’ principles. The data minimisation principle is one of those back-bone principles.
The principle includes the obligation for data controllers to limit the processing of personal data to data that are “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. The data minimisation principle includes the obligation for data controllers to refrain from the processing of personal data when there is no need for identification of the data subject, and to anonymise data when identification is no longer needed. In combination with the other fundamental principles, such as the purpose limitation principle (discussed in the next chapter), and the lawfulness principle (discussed in the previous chapter), the data minimisation principle aims to balance individual, societal and economic interests. While the previous chapter focussed on empowerment through choice, data minimisation and purpose limitation create patient empowerment through obligations for others.
Anonymisation techniques – Several methods are being used to impede the joining of different datasets. Fundamentally, these methods make a distinction between identifying, quasi-identifying and non-identifying attributes. Data that enable the direct identification of individuals are ‘identifying attributes’ (such as name and social security number). ‘Quasi-identifying attributes’ are data which are in themselves not directly identifying, but which allow individuals to be singled out when unique in their combination (such as postal code, date of birth, gender, and other demographics). It should be noted that the application of anonymisation techniques would qualify, in itself, as a processing operation, since it implies the collection of personal data by a data controller or another party.
- Type: Chapter
- Information: The Patient, Data Protection and Changing Healthcare Models: The Impact of e-Health on Informed Consent, Anonymisation and Purpose Limitation, pp. 207-240
- Publisher: Intersentia
- Print publication year: 2021