typos/grammar corrections

Co-authored-by: richardmacduff <ipse@waltervannini.it>
pull/5/head
LINC 2020-06-16 12:41:22 +02:00
parent ad435b0a2b
commit 22834dae3b
3 changed files with 23 additions and 23 deletions

@ -1,18 +1,18 @@
# Sheet n°0: Develop in compliance with the GDPR
#### Whether you work alone, are part of a team developing a project, manage a development team, or are a service provider carrying out developments for third parties, it is essential to ensure that user data and all personal data processing are suffisiently protected throughout the lifecycle of the project.
#### Whether you work alone, are part of a team developing a project, manage a development team, or are a service provider carrying out developments for third parties, it is essential to ensure that user data and all personal data processing are sufficiently protected throughout the lifecycle of the project.
The following steps will help you in the developing privacy-friendly applications or websites:
The following steps will help you in developing privacy-friendly applications or websites:
1. **Be aware of the GDPR core principles**. If you work in a team, we recommend that you identify a person responsible for monitoring compliance. If your company has a Data Protection Officer (DPO), then that person is a key asset in [understanding and meeting the GDPR obligations](https://www.cnil.fr/sites/default/files/atoms/files/guidelines_on_dpos_5_april_2017.pdf). The appointment of a DPO may also be mandatory in some cases, for example if your programs or applications process so-called "sensitive" data (see [examples](#Sheet_n°1:_Identify_personal_data)) on a large scale or conduct regular and systematic monitoring on a large scale.
2. **Map and categorize the data and processing in your system**. Accurately mapping the data processing performed by your program or application will help you ensuring that they comply with legal requirements. Keeping a [record of processing activities](https://www.cnil.fr/en/record-processing-activities) (an example of which can be found on the [CNIL website](https://www.cnil.fr/sites/default/files/atoms/files/record-processing-activities.ods)), allows you to have an overall view of these data, and to identify and prioritize the associated risks. Indeed, personal data may be present in unexpected places such as in server logs, cache files, Excel files, etc., and may be stored in a number of different places. Such record-keeping is mandatory in most cases.
3. **Prioritize the required actions**. On the basis of the data processing registry, identify the required actions to comply with the obligations of the GDPR in advance of the development and prioritize the attention points with regard to the risks for the data subjects by the processing. These points of attention concern in particular [the necessity and types of data collected and processed](#Sheet_n°7:_Minimize_the_data_collection) by your software, [the legal basis](#Sheet_n°15:_Take_into_account_the_legal_basis_in_the_technical_implementation) on which your data processing operations are based, [the information mentions](#Sheet_n°12:_Inform users) of your software or application, [the contractual clauses](#Sheet_n°5_:_Make_an_informed_choice_of_its_architecture) binding you to your contractors, the terms and conditions for [exercising rights](#Sheet_n°13:_Prepare_for_the_exercise_of_people_rights), the measures implemented to [secure your processing](#Sheet_n°6:_Secure_your_websites,_applications_and_servers).
3. **Prioritize the required actions**. On the basis of the data processing registry, identify the required actions to comply with the obligations of the GDPR in advance of the development and prioritize the attention points with regard to the risks that the processing carries for the data subjects. These points of attention concern in particular [the necessity and types of data collected and processed](#Sheet_n°7:_Minimize_the_data_collection) by your software, [the legal basis](#Sheet_n°15:_Take_into_account_the_legal_basis_in_the_technical_implementation) on which your data processing operations are based, [the information mentions](#Sheet_n°12:_Inform users) of your software or application, [the contractual clauses](#Sheet_n°5_:_Make_an_informed_choice_of_its_architecture) binding you to your contractors, the terms and conditions for [exercising rights](#Sheet_n°13:_Prepare_for_the_exercise_of_people_rights), the measures implemented to [secure your processing](#Sheet_n°6:_Secure_your_websites,_applications_and_servers).
4. **Manage the risks**. When you identify that a processing of personal data is likely to create high risks for data subjects, make sure that you manage those risks appropriately in the context. A [Privacy Impact Assessment (PIA) ](https://www.cnil.fr/en/privacy-impact-assessment-pia) can help you manage those risks. The CNIL has developed a [method](https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-1-en-methodology.pdf), [model documents](https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-2-en-templates.pdf) and a [tool](https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment) that will help you to identify those risks, as well as a [catalogue of good practices](https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf) that will assist you in implementing measures to address the identified risks. Furthermore, a privacy impact assessment is mandatory for all processing operations that are likely to create high risks to the rights and freedoms of data subjects. The CNIL proposes, on its [website](https://www.cnil.fr/sites/default/files/atoms/files/liste-traitements-aipd-requise.pdf), a list of types of processing operations for which a DPA is required or not.
4. **Manage the risks**. When you find out that a processing of personal data is likely to create high risks for data subjects, make sure that you manage those risks appropriately in the context. A [Privacy Impact Assessment (PIA) ](https://www.cnil.fr/en/privacy-impact-assessment-pia) can help you manage those risks. The CNIL has developed a [method](https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-1-en-methodology.pdf), [model documents](https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-2-en-templates.pdf) and a [tool](https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment) that will help you to identify those risks, as well as a [catalogue of good practices](https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf) that will assist you in implementing measures to address the identified risks. Furthermore, a Privacy Impact Assessment is mandatory for all processing operations that are likely to create high risks to the rights and freedoms of data subjects. The CNIL proposes, on its [website](https://www.cnil.fr/sites/default/files/atoms/files/liste-traitements-aipd-requise.pdf), a list of types of processing operations for which a DPA is required or not.
5. **put in place internal processes** to ensure compliance during all development stages, ensure that internal procedures guarantee that data protection is taken into account in all aspects of your project and into all events that may occur (e.g. security breach, requests for rectification or access fulfillment, modification of data collected, change of provider, data breach, etc.). The requirements of the [governance label](https://www.cnil.fr/sites/default/files/typo/document/CNIL_Privacy_Seal-Governance-EN.pdf) (even if this one no longer granted by the CNIL since the entry into force of the GDPR) can constitute a useful basis of inspiration to help you set up the necessary organization.
5. **Put in place internal processes** to ensure compliance during all development stages, ensure that internal procedures guarantee that data protection is taken into account in all aspects of your project and for all events that may occur (e.g. security breach, requests for rectification or access fulfillment, modification of data collected, change of provider, data breach, etc.). The requirements of the [governance label](https://www.cnil.fr/sites/default/files/typo/document/CNIL_Privacy_Seal-Governance-EN.pdf) (even if this one is no longer granted by the CNIL since the entry into force of the GDPR) can constitute a useful basis of inspiration to help you set up the necessary organization.
6. **Document developments compliance** to prove your compliance with the GDPR at all times: the actions performed and the documents produced at each stage of development must be mastered. This implies in particular a regular review and update of the documentation of your developments so that it is constantly consistent with the features deployed on your program.
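Review bot: in step 4 the rewritten line still ends with "a list of types of processing operations for which a DPA is required or not", while the rest of the step calls it a Privacy Impact Assessment (PIA); use "PIA" there so the acronym matches. In the same step "identify" became "find out", which is a change of register rather than a correction and could be reverted. Step 2 is left as context but still reads "will help you ensuring"; "will help you ensure" would fit this commit.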

@ -1,6 +1,6 @@
# Sheet n°1: Identify personal data
#### Understanding the notions of "personal data", "purpose" and "processing" is essential for the development of law enforcement and user data. In particular, be careful not to confuse "anonymisation" and "pseudonymization", which have very precise definitions in the GDPR.
#### Understanding the notions of "personal data", "purpose" and "processing" is essential to ensure that software complies with the law when it processes user data. In particular, be careful not to confuse "anonymisation" and "pseudonymization", which have very precise and different definitions in the GDPR.
## Definition
* The notion of **personal data** is defined in the [General Data Protection Regulation](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679) (GDPR) as "[any information relating to an identified or identifiable natural person (referred to as "data subject")](https://www.cnil.fr/en/personal-data-definition)". It covers a broad scope that includes both directly identifying data (e.g. first and last name) and indirectly identifying data (e.g. telephone number, license plate, terminal identifier, etc.).
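Review bot: the new subtitle keeps "anonymisation" next to "pseudonymization", so British and American spellings sit in the same sentence; pick one convention and apply it across the sheet. Replacing "essential for the development of law enforcement and user data" also changes what the sentence says rather than fixing a typo, so it deserves a mention in the commit message.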
@ -22,7 +22,7 @@
* from a single piece of data (examples: surname and first name);
* from crossing of a set of data (example: a woman living at such and such an address, born on such and such a day and member of such and such an association).
* Some data are considered **particularly sensitive**. The GDPR prohibits the collection or use of such data, unless, in particular, the data subject has given his/her express consent (active, explicit and preferably written consent, which must be free, specific and informed).
* Some data are considered **particularly sensitive**. The GDPR prohibits the collection or use of such data, unless, in particular, all involved data subjects have given their express consent (active, explicit and preferably written consent, which must be free, specific and informed).
* These requirements concern the following data:
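Review bot: the new wording "all involved data subjects have given their express consent" changes the condition, not just the grammar: it can be read as requiring consent from every data subject before any one person's sensitive data may be processed. If the goal was only to drop "his/her", "the data subject has given their express consent" keeps the original meaning.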
@ -39,10 +39,10 @@
* By default, we recommend that you **never consider raw datasets as anonymous**. Anonymisation results from processing personal data in order to irreversibly prevent identification, whether by:
* _singling out_: it is not possible to isolate some or all records which identify an individual in the dataset;
* _linkability_: the dataset does not allow to link at least, two records concerning the same data subject or a group of data subjects;
* _inference_: it is not possible to deduce, with significant probability, the value of an attribute from the values of a set of other attributes.
* _linkability_: the dataset does not allow to link together two or more records concerning the same data subject or a group of data subjects;
* _inference_: it is not possible to infer, with significant probability, the value of an attribute from the values of a set of other attributes.
* These data processing operations imply in most cases a **loss of quality on the produced dataset**. The Article 29 Working Party (Art. 29 WP) [opinion on anonymisation techniques](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf) describes the main anonymisation techniques used today, as well as examples of datasets wrongly considered anonymous. It is important to note that anonymisation techniques have short comings. The choice to anonymize or not the data as well as the selection of an anonymisation technique must be made on a case by case basis according to contexts of use and need (nature of the data, usefulness of the data, risks for people, etc.).
* These data processing operations imply in most cases a **loss of quality on the produced dataset**. The Article 29 Working Party (Art. 29 WP) [opinion on anonymisation techniques](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf) describes the main anonymisation techniques used today, as well as examples of datasets wrongly considered anonymous. It is important to note that anonymisation techniques have short comings. The choice whether or not to anonymize the data as well as the choice of an anonymisation technique must be made on a case-by-case basis according to the different contexts of use (nature of the data, usefulness of the data, risks for people, etc.).
## Pseudonymization of personal data
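Review bot: the rewritten linkability bullet still reads "the dataset does not allow to link together two or more records", which is not grammatical; "the dataset does not allow linking two or more records" would be. The list is also introduced by "prevent identification, whether by:" while each bullet states the property achieved ("it is not possible to ..."), so the lead-in and the bullets do not connect.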
@ -51,6 +51,6 @@
* It refers to the processing of personal data in such a way that **data relating to a natural person can no longer be attributed without additional information**. The GDPR insists that this additional information must be kept separately and be subject to technical and organisational measures to avoid re-identification of data subjects. Unlike anonymisation, pseudonymization can be a reversible process.
* In practice, a pseudonymization process consists of **replacing directly identifying data (surname, first name, etc.) in a dataset with indirectly identifying data** (alias, number in a filing system, etc.) in order to reduce their sensitivity. They may result from a cryptographic hash of the data of individuals, such as their IP address, user ID, e-mail address.
* In practice, a pseudonymization process consists in **replacing directly identifying data (surname, first name, etc.) in a dataset with indirectly identifying data** (alias, number in a filing system, etc.) in order to reduce their sensitivity. They may result from a cryptographic hash of the data of individuals, such as their IP address, user ID, e-mail address.
* Data resulting from pseudonymization are considered as **personal data and therefore remain subject to the obligations of the DPMR**. However, the European Regulation encourages the use of pseudonymization in the processing of personal data. Moreover, the GDPR considers that pseudonymization makes it possible to reduce the risks for data subjects and to contribute to compliance with the Regulation.
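Review bot: the last context line of this hunk still says pseudonymized data "remain subject to the obligations of the DPMR", while the next sentence and the rest of the sheet say GDPR; that looks like a leftover and should read "GDPR". In the changed bullet, "They may result from a cryptographic hash" has no clear antecedent; "Such aliases may result from ..." would say what is meant.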

@ -408,7 +408,7 @@ document.querySelector(output).innerHTML += toc;
<li><p><a href="#Sheet_n°10_:_Ensure_quality_of_the_code_and_its_documentation">Ensure the quality of the code and its documentation</a></p></li>
<li><p><a href="#Sheet_n°11_:_Test_your_applications">Test your applications</a></p></li>
<li><p><a href="#Sheet_n°12_:_Inform_users">Inform users</a></p></li>
<li><p><a href="#Sheet_n°13_:_Prepare_for_the_exercise_of_people_rights">Prepare to exercise people rights</a></p></li>
<li><p><a href="#Sheet_n°13_:_Prepare_for_the_exercise_of_people_rights">Prepare to exercise people's rights</a></p></li>
<li><p><a href="#Sheet_n°14_:_Define_a_data_retention_period">Define a data retention period</a></p></li>
<li><p><a href="#Sheet_n°15_:_Take_into_account_the_legal_bases_in_the_technical_implementation">Take into account the legal basis in the technical implementation</a></p></li>
<li><p><a href="#Sheet_n°16:_Use_analytics_on_your_websites_and_applications">Use analytics on your websites and applications</a></p></li>
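Review bot: the new link text "Prepare to exercise people's rights" reads as if the developer is the one exercising the rights, whereas the target anchor says "Prepare_for_the_exercise_of_people_rights"; "Prepare for the exercise of people's rights" matches it. The surrounding entries also mix anchor styles ("#Sheet_n°13_:_" with an underscore before the colon, "#Sheet_n°16:_" without), and the Sheet n°15 anchor says "legal_bases" while its text says "legal basis", so it is worth checking that each href matches an existing target.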
@ -442,19 +442,19 @@ document.querySelector(output).innerHTML += toc;
</ul>
<pre class="sourceCode bash"><code class="sourceCode bash"><span class="kw">pandoc</span> -s --template=<span class="st">&quot;templates/mytemplate.html&quot;</span> -H templates/pandoc.css -o index.html README.md [0-9][0-9]*.md</code></pre>
<h1 id="sheet-n0-develop-in-compliance-with-the-gdpr">Sheet n°0: Develop in compliance with the GDPR</h1>
<h4 id="whether-you-work-alone-are-part-of-a-team-developing-a-project-manage-a-development-team-or-are-a-service-provider-carrying-out-developments-for-third-parties-it-is-essential-to-ensure-that-user-data-and-all-personal-data-processing-are-suffisiently-protected-throughout-the-lifecycle-of-the-project.">Whether you work alone, are part of a team developing a project, manage a development team, or are a service provider carrying out developments for third parties, it is essential to ensure that user data and all personal data processing are suffisiently protected throughout the lifecycle of the project.</h4>
<p>The following steps will help you in the developing privacy-friendly applications or websites:</p>
<h4 id="whether-you-work-alone-are-part-of-a-team-developing-a-project-manage-a-development-team-or-are-a-service-provider-carrying-out-developments-for-third-parties-it-is-essential-to-ensure-that-user-data-and-all-personal-data-processing-are-sufficiently-protected-throughout-the-lifecycle-of-the-project.">Whether you work alone, are part of a team developing a project, manage a development team, or are a service provider carrying out developments for third parties, it is essential to ensure that user data and all personal data processing are sufficiently protected throughout the lifecycle of the project.</h4>
<p>The following steps will help you in developing privacy-friendly applications or websites:</p>
<ol style="list-style-type: decimal">
<li><p><strong>Be aware of the GDPR core principles</strong>. If you work in a team, we recommend that you identify a person responsible for monitoring compliance. If your company has a Data Protection Officer (DPO), then that person is a key asset in <a href="https://www.cnil.fr/sites/default/files/atoms/files/guidelines_on_dpos_5_april_2017.pdf">understanding and meeting the GDPR obligations</a>. The appointment of a DPO may also be mandatory in some cases, for example if your programs or applications process so-called &quot;sensitive&quot; data (see <a href="#Sheet_n°1:_Identify_personal_data">examples</a>) on a large scale or conduct regular and systematic monitoring on a large scale.</p></li>
<li><p><strong>Map and categorize the data and processing in your system</strong>. Accurately mapping the data processing performed by your program or application will help you ensuring that they comply with legal requirements. Keeping a <a href="https://www.cnil.fr/en/record-processing-activities">record of processing activities</a> (an example of which can be found on the <a href="https://www.cnil.fr/sites/default/files/atoms/files/record-processing-activities.ods">CNIL website</a>), allows you to have an overall view of these data, and to identify and prioritize the associated risks. Indeed, personal data may be present in unexpected places such as in server logs, cache files, Excel files, etc., and may be stored in a number of different places. Such record-keeping is mandatory in most cases.</p></li>
<li><p><strong>Prioritize the required actions</strong>. On the basis of the data processing registry, identify the required actions to comply with the obligations of the GDPR in advance of the development and prioritize the attention points with regard to the risks for the data subjects by the processing. These points of attention concern in particular <a href="#Sheet_n°7:_Minimize_the_data_collection">the necessity and types of data collected and processed</a> by your software, <a href="#Sheet_n°15:_Take_into_account_the_legal_basis_in_the_technical_implementation">the legal basis</a> on which your data processing operations are based, <a href="#Sheet_n°12:_Inform%20users">the information mentions</a> of your software or application, <a href="#Sheet_n°5_:_Make_an_informed_choice_of_its_architecture">the contractual clauses</a> binding you to your contractors, the terms and conditions for <a href="#Sheet_n°13:_Prepare_for_the_exercise_of_people_rights">exercising rights</a>, the measures implemented to <a href="#Sheet_n°6:_Secure_your_websites,_applications_and_servers">secure your processing</a>.</p></li>
<li><p><strong>Manage the risks</strong>. When you identify that a processing of personal data is likely to create high risks for data subjects, make sure that you manage those risks appropriately in the context. A <a href="https://www.cnil.fr/en/privacy-impact-assessment-pia">Privacy Impact Assessment (PIA)</a> can help you manage those risks. The CNIL has developed a <a href="https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-1-en-methodology.pdf">method</a>, <a href="https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-2-en-templates.pdf">model documents</a> and a <a href="https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment">tool</a> that will help you to identify those risks, as well as a <a href="https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf">catalogue of good practices</a> that will assist you in implementing measures to address the identified risks. Furthermore, a privacy impact assessment is mandatory for all processing operations that are likely to create high risks to the rights and freedoms of data subjects. The CNIL proposes, on its <a href="https://www.cnil.fr/sites/default/files/atoms/files/liste-traitements-aipd-requise.pdf">website</a>, a list of types of processing operations for which a DPA is required or not.</p></li>
<li><p><strong>put in place internal processes</strong> to ensure compliance during all development stages, ensure that internal procedures guarantee that data protection is taken into account in all aspects of your project and into all events that may occur (e.g. security breach, requests for rectification or access fulfillment, modification of data collected, change of provider, data breach, etc.). The requirements of the <a href="https://www.cnil.fr/sites/default/files/typo/document/CNIL_Privacy_Seal-Governance-EN.pdf">governance label</a> (even if this one no longer granted by the CNIL since the entry into force of the GDPR) can constitute a useful basis of inspiration to help you set up the necessary organization.</p></li>
<li><p><strong>Prioritize the required actions</strong>. On the basis of the data processing registry, identify the required actions to comply with the obligations of the GDPR in advance of the development and prioritize the attention points with regard to the risks that the processing carries for the data subjects. These points of attention concern in particular <a href="#Sheet_n°7:_Minimize_the_data_collection">the necessity and types of data collected and processed</a> by your software, <a href="#Sheet_n°15:_Take_into_account_the_legal_basis_in_the_technical_implementation">the legal basis</a> on which your data processing operations are based, <a href="#Sheet_n°12:_Inform%20users">the information mentions</a> of your software or application, <a href="#Sheet_n°5_:_Make_an_informed_choice_of_its_architecture">the contractual clauses</a> binding you to your contractors, the terms and conditions for <a href="#Sheet_n°13:_Prepare_for_the_exercise_of_people_rights">exercising rights</a>, the measures implemented to <a href="#Sheet_n°6:_Secure_your_websites,_applications_and_servers">secure your processing</a>.</p></li>
<li><p><strong>Manage the risks</strong>. When you find out that a processing of personal data is likely to create high risks for data subjects, make sure that you manage those risks appropriately in the context. A <a href="https://www.cnil.fr/en/privacy-impact-assessment-pia">Privacy Impact Assessment (PIA)</a> can help you manage those risks. The CNIL has developed a <a href="https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-1-en-methodology.pdf">method</a>, <a href="https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-2-en-templates.pdf">model documents</a> and a <a href="https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment">tool</a> that will help you to identify those risks, as well as a <a href="https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf">catalogue of good practices</a> that will assist you in implementing measures to address the identified risks. Furthermore, a Privacy Impact Assessment is mandatory for all processing operations that are likely to create high risks to the rights and freedoms of data subjects. The CNIL proposes, on its <a href="https://www.cnil.fr/sites/default/files/atoms/files/liste-traitements-aipd-requise.pdf">website</a>, a list of types of processing operations for which a DPA is required or not.</p></li>
<li><p><strong>Put in place internal processes</strong> to ensure compliance during all development stages, ensure that internal procedures guarantee that data protection is taken into account in all aspects of your project and for all events that may occur (e.g. security breach, requests for rectification or access fulfillment, modification of data collected, change of provider, data breach, etc.). The requirements of the <a href="https://www.cnil.fr/sites/default/files/typo/document/CNIL_Privacy_Seal-Governance-EN.pdf">governance label</a> (even if this one is no longer granted by the CNIL since the entry into force of the GDPR) can constitute a useful basis of inspiration to help you set up the necessary organization.</p></li>
<li><p><strong>Document developments compliance</strong> to prove your compliance with the GDPR at all times: the actions performed and the documents produced at each stage of development must be mastered. This implies in particular a regular review and update of the documentation of your developments so that it is constantly consistent with the features deployed on your program.</p></li>
</ol>
<p>The CNIL website provides numerous practical files which will assist you in setting up law-abiding treatments according to your sector of activity.</p>
<h1 id="sheet-n1-identify-personal-data">Sheet n°1: Identify personal data</h1>
<h4 id="understanding-the-notions-of-personal-data-purpose-and-processing-is-essential-for-the-development-of-law-enforcement-and-user-data.-in-particular-be-careful-not-to-confuse-anonymisation-and-pseudonymization-which-have-very-precise-definitions-in-the-gdpr.">Understanding the notions of &quot;personal data&quot;, &quot;purpose&quot; and &quot;processing&quot; is essential for the development of law enforcement and user data. In particular, be careful not to confuse &quot;anonymisation&quot; and &quot;pseudonymization&quot;, which have very precise definitions in the GDPR.</h4>
<h4 id="understanding-the-notions-of-personal-data-purpose-and-processing-is-essential-to-ensure-that-software-complies-with-the-law-when-it-processes-user-data.-in-particular-be-careful-not-to-confuse-anonymisation-and-pseudonymization-which-have-very-precise-and-different-definitions-in-the-gdpr.">Understanding the notions of &quot;personal data&quot;, &quot;purpose&quot; and &quot;processing&quot; is essential to ensure that software complies with the law when it processes user data. In particular, be careful not to confuse &quot;anonymisation&quot; and &quot;pseudonymization&quot;, which have very precise and different definitions in the GDPR.</h4>
<h2 id="definition">Definition</h2>
<ul>
<li><p>The notion of <strong>personal data</strong> is defined in the <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679">General Data Protection Regulation</a> (GDPR) as &quot;<a href="https://www.cnil.fr/en/personal-data-definition">any information relating to an identified or identifiable natural person (referred to as &quot;data subject&quot;)</a>&quot;. It covers a broad scope that includes both directly identifying data (e.g. first and last name) and indirectly identifying data (e.g. telephone number, license plate, terminal identifier, etc.).</p></li>
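Review bot: the h4 ids in this hunk are derived from the full subtitle text, so correcting "suffisiently" and rewriting the Sheet n°1 subtitle also changes both ids, and any link to the old fragment stops resolving. The pandoc line kept as context shows index.html is built from README.md and the numbered .md files, so these lines should come from re-running that command rather than from a hand edit. In step 3 the href "#Sheet_n°12:_Inform%20users" contains an encoded space and differs from the "#Sheet_n°12_:_Inform_users" form used in the table of contents.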
@ -477,7 +477,7 @@ document.querySelector(output).innerHTML += toc;
<li>from a single piece of data (examples: surname and first name);</li>
<li>from crossing of a set of data (example: a woman living at such and such an address, born on such and such a day and member of such and such an association).</li>
</ul></li>
<li><p>Some data are considered <strong>particularly sensitive</strong>. The GDPR prohibits the collection or use of such data, unless, in particular, the data subject has given his/her express consent (active, explicit and preferably written consent, which must be free, specific and informed).</p></li>
<li><p>Some data are considered <strong>particularly sensitive</strong>. The GDPR prohibits the collection or use of such data, unless, in particular, all involved data subjects have given their express consent (active, explicit and preferably written consent, which must be free, specific and informed).</p></li>
<li><p>These requirements concern the following data:</p>
<ul>
<li>data relating to the <strong>health of individuals</strong>;</li>
@ -493,16 +493,16 @@ document.querySelector(output).innerHTML += toc;
<li><p>By default, we recommend that you <strong>never consider raw datasets as anonymous</strong>. Anonymisation results from processing personal data in order to irreversibly prevent identification, whether by:</p>
<ul>
<li><em>singling out</em>: it is not possible to isolate some or all records which identify an individual in the dataset;</li>
<li><em>linkability</em>: the dataset does not allow to link at least, two records concerning the same data subject or a group of data subjects;</li>
<li><em>inference</em>: it is not possible to deduce, with significant probability, the value of an attribute from the values of a set of other attributes.</li>
<li><em>linkability</em>: the dataset does not allow to link together two or more records concerning the same data subject or a group of data subjects;</li>
<li><em>inference</em>: it is not possible to infer, with significant probability, the value of an attribute from the values of a set of other attributes.</li>
</ul></li>
<li><p>These data processing operations imply in most cases a <strong>loss of quality on the produced dataset</strong>. The Article 29 Working Party (Art. 29 WP) <a href="https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf">opinion on anonymisation techniques</a> describes the main anonymisation techniques used today, as well as examples of datasets wrongly considered anonymous. It is important to note that anonymisation techniques have short comings. The choice to anonymize or not the data as well as the selection of an anonymisation technique must be made on a case by case basis according to contexts of use and need (nature of the data, usefulness of the data, risks for people, etc.).</p></li>
<li><p>These data processing operations imply in most cases a <strong>loss of quality on the produced dataset</strong>. The Article 29 Working Party (Art. 29 WP) <a href="https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf">opinion on anonymisation techniques</a> describes the main anonymisation techniques used today, as well as examples of datasets wrongly considered anonymous. It is important to note that anonymisation techniques have short comings. The choice whether or not to anonymize the data as well as the choice of an anonymisation technique must be made on a case-by-case basis according to the different contexts of use (nature of the data, usefulness of the data, risks for people, etc.).</p></li>
</ul>
<h2 id="pseudonymization-of-personal-data">Pseudonymization of personal data</h2>
<ul>
<li><p><strong>Pseudonymization is a compromise between retaining raw data and producing anonymized datasets</strong>.</p></li>
<li><p>It refers to the processing of personal data in such a way that <strong>data relating to a natural person can no longer be attributed without additional information</strong>. The GDPR insists that this additional information must be kept separately and be subject to technical and organisational measures to avoid re-identification of data subjects. Unlike anonymisation, pseudonymization can be a reversible process.</p></li>
<li><p>In practice, a pseudonymization process consists of <strong>replacing directly identifying data (surname, first name, etc.) in a dataset with indirectly identifying data</strong> (alias, number in a filing system, etc.) in order to reduce their sensitivity. They may result from a cryptographic hash of the data of individuals, such as their IP address, user ID, e-mail address.</p></li>
<li><p>In practice, a pseudonymization process consists in <strong>replacing directly identifying data (surname, first name, etc.) in a dataset with indirectly identifying data</strong> (alias, number in a filing system, etc.) in order to reduce their sensitivity. They may result from a cryptographic hash of the data of individuals, such as their IP address, user ID, e-mail address.</p></li>
<li><p>Data resulting from pseudonymization are considered as <strong>personal data and therefore remain subject to the obligations of the DPMR</strong>. However, the European Regulation encourages the use of pseudonymization in the processing of personal data. Moreover, the GDPR considers that pseudonymization makes it possible to reduce the risks for data subjects and to contribute to compliance with the Regulation.</p></li>
</ul>
<h1 id="sheet-n2-prepare-your-development">Sheet n°2: Prepare your development</h1>
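Review bot: the rewritten bullet on loss of quality still contains "short comings", which should be "shortcomings", and it mixes "anonymize" with "anonymisation" in one sentence. Since this bullet is being touched anyway, fix both here and in the Markdown source it is generated from.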