Data Compliance

Data protection is becoming increasingly relevant in the public debate. Numerous examples have recently shown that companies are confronted with serious consequences in the event of data breaches. Ensuring proper data protection is therefore more important than ever. The anonymisation of your data records can play a crucial part in your data protection strategy.

Analysis of data under GDPR


GDPR Article 25 “Data protection by design and by default”

GDPR Article 25, “Data protection by design and by default”, states that pseudonymisation can help to implement the data protection principle of “data minimisation” and thus protect the data of the people involved. However, a pseudonymised data record still allows the identification of individual persons if one has access to other data sources that make this conclusion possible. Pseudonymization involves replacing the data in personally identifying fields with a seemingly random number or text. For instance, fields like name, address, credit card number, and so on are each replaced with a single random value.

Simply replacing the data in these fields, however, does not make it impossible to re-identify individuals in a pseudonymized data set. With a little additional knowledge about a user in the data set (for instance, knowledge of the dates of several doctor visits in a medical data set) it can be easy to re-identify pseudonymized users.


GDPR Recital 26 – The principles of data protection should therefore not apply to anonymous information

The GDPR Recital 26 states: “The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. […] The principles of data protection should therefore not apply to anonymous information, including for statistical or research purposes.”

GDPR Working Party 29 and their “Opinion 05/2014 on Anonymisation Techniques”

In its detailed documentation “Opinion 05/2014 on Anonymisation Techniques”, the European Article 29 Data Protection Working Party goes into more detail on how anonymisation works in the context of the GDPR: “Accordingly, the Working Party considers that anonymisation as an instance of further processing of personal data can be considered to be compatible with the original purposes of the processing but only on condition the anonymisation process is such as to reliably produce anonymised information in the sense described in this paper.”

This means that the anonymization of data does not require the user’s consent if there was a justified reason for collecting the data beforehand.


Aircloak and Privacy


How safe is anonymisation in general?

Anonymisation removes the personal identifiers in a data set, so it is no longer possible to draw conclusions about individual persons in that data set. Individual information about persons can no longer (or only with a disproportionately high effort) be retrieved by attackers.

Although anonymisation cannot provide a 100% guarantee that the data can no longer be decoded, according to the GDPR anonymised data no longer fall under data protection and can be used for analysis and research purposes.


What is the difference between Pseudonymisation and Anonymisation?

In contrast to anonymisation, a pseudonymized data set allows the identification of individuals if someone has access to other data sources that make this conclusion possible. Pseudonymization involves replacing the data in personally identifying fields with a seemingly random number or text. For instance, fields like name, address, credit card number, and so on are each replaced with a single random value.

Simply replacing the data in these fields does not make it impossible to re-identify individuals in a pseudonymized data set. With a little additional knowledge about a user in the data set (for instance, knowledge of the dates of several doctor visits in a medical data set) it can be easy to re-identify pseudonymized users.
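The following script is an added example, not code from the original page or from Aircloak; it illustrates the point made here and in the Article 25 section above. It pseudonymises a constructed medical-visit data set exactly as described (the name is replaced with a random token) and then measures how many records remain singled out by their visit dates, the "additional knowledge" the text refers to. It also shows that coarsening the dates to year-month, an assumed generalisation step that the page itself does not prescribe, lowers that uniqueness. All names, dates and function names are invented for the example.

```python
import secrets
from collections import Counter

# Constructed sample data set (all names and dates are invented for this example).
RECORDS = [
    {"name": "Alice Example", "visits": ("2023-01-04", "2023-02-11", "2023-05-20")},
    {"name": "Bob Example",   "visits": ("2023-01-04", "2023-03-15")},
    {"name": "Carol Example", "visits": ("2023-01-09", "2023-02-11", "2023-05-20")},
    {"name": "Dan Example",   "visits": ("2023-01-04", "2023-03-15")},
]


def pseudonymise(records):
    """Replace the directly identifying field (name) with a random token.

    This is pseudonymisation as the page describes it: the identifier is
    gone, but the visit dates (a quasi-identifier) are left untouched.
    """
    return [{"id": secrets.token_hex(8), "visits": r["visits"]} for r in records]


def visit_key(record):
    """Quasi-identifier used for linkage: the set of visit dates, order-independent."""
    return tuple(sorted(record["visits"]))


def uniqueness(records, key):
    """Fraction of records whose quasi-identifier value is shared with no other record.

    A unique value means anyone who knows those dates for a person can
    single out that person's record despite the pseudonym.
    """
    counts = Counter(key(r) for r in records)
    unique = sum(1 for r in records if counts[key(r)] == 1)
    return unique / len(records)


def k_anonymity(records, key):
    """Smallest group size over all quasi-identifier values (k = 1 means at least one record is unique)."""
    counts = Counter(key(r) for r in records)
    return min(counts.values())


def generalise_to_month(records):
    """Assumed mitigation (not from the page): keep only the year-month of each visit.

    Coarser dates put more people into the same group, which raises k.
    """
    return [{**r, "visits": tuple(sorted({d[:7] for d in r["visits"]}))} for r in records]


if __name__ == "__main__":
    pseudo = pseudonymise(RECORDS)
    assert all("name" not in r for r in pseudo)
    print("after pseudonymisation:    unique records = {:.0%}, k = {}".format(
        uniqueness(pseudo, visit_key), k_anonymity(pseudo, visit_key)))
    coarse = generalise_to_month(pseudo)
    print("after month generalisation: unique records = {:.0%}, k = {}".format(
        uniqueness(coarse, visit_key), k_anonymity(coarse, visit_key)))
```

The uniqueness figure is the same before and after pseudonymisation because the random token changes nothing about the columns an outside party could already know; only changing the quasi-identifiers themselves (here by generalising the dates) moves the number. On real data the quasi-identifier set is wider than one column and the check should be run over every combination an external source could plausibly supply.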


Where is the data stored at Aircloak?

Aircloak does not store your data at any time. It is a simple proxy sitting between the analyst and the database. The queries that analysts enter via our proxy are sent encrypted, and the results are received encrypted and anonymized.

Can the Aircloak team access my sensitive customer data?

No, never. All sensitive data remains completely under customer control. The implementation can be done entirely by the customer. Aircloak’s team never needs access to the secure network, not even for version control. No commissioned data processing takes place.

How is Aircloak’s privacy policy handled?

One of our core values is that we want to enable a responsible and successful handling of personal data. Our solution is developed according to the privacy by design and by default principles and we meet the highest data protection requirements. We are committed to the further development of data protection rights and are members of various committees and working groups.

What kind of certifications does Aircloak Insights hold?

At the moment there are no official certifications for anonymization solutions. However, the French data protection authority CNIL has examined and confirmed the functionality of Aircloak according to the specifications for anonymisation defined by the EU Working Party 29. We are happy to send you the official document upon request.

To continuously evaluate the performance of Aircloak Insights, Aircloak has launched the Attack Challenge. It is the first bug bounty program worldwide for anonymisation solutions. Potential security gaps are closed in regular security updates.