This site requires Javascript to function correctly requires the use of cookies. Continued use of this site indicates that you accept this policy. More information.

Cookies and your privacy

In accordance with the ICO's EU e-Privacy Directive and to help protect your privacy we are making you aware of the use of cookies on this site.

We use these to aid in improving and maintaining our website. Cookies are used for functionality and to track visitor behaviour on this site, primarily for Google Analytics.

Google Inc are members of the US Safe Harbor Scheme. This scheme allows the transfer of data from within the EEA to countries that are outside of the EEA without having to enter into a specific data transfer agreement. Companies that sign up to the scheme are deemed to provide adequate protection for personal data transmitted from Europe.

More information on the cookies set by Google Analytics.

This site also makes use of other essential Anonymous cookies, and the site won't work as expected without them. If you don't accept these anonymous cookies some features of the site may be unavailable.'s full privacy statement.

Digital public sector news, research & engagement

Monday 11 June 2012Author: Michael Cross

ICO clears release of anonymised data - with caveats

Public bodies and others will receive the green light to publish anonymised personal data even when the individual concerned could in theory by re-identified if a code of practice published by the Information Commissioner's Office (ICO) is adopted. The code, which promises to resolve the clash between open data and privacy, is currently open for public consultation.

Christopher Graham, the information commissioner said in a press statement that he welcomed the open data agenda. "However, while the public wants to see openness, they want to see their privacy rights respected too. The risks of anonymisation can sometimes be underestimated and in other cases overstated; organisations need to be aware of what those risks are and take a structured approach to assessing them, particularly in light of other personal information in the public domain."

He said the code would "provide clear, practical advice on how data can be anonymised."

The ICO's move follows a report commissioned by the Cabinet Office which last year warned that there was no technical way to prevent data being "de-anonymised".

The ICO's guidelines say that data protection principles do not apply to data "rendered anonymous in such a way that the data subject is no longer identifiable". However they concede that the risk of re-identification through data-linkage is unpredictable "because it can never be known what data is already available or what data may be released in the future".

The guidelines propose a "motivated intruder" test for assessing the risk of releasing a particular set of data. This would be a tougher test than merely asking whether an inexpert member of the public could identify an individual - for example by matching data with the electoral roll - but less strict than considering whether "someone with access to a great deal of specialist expertise, analytical power or prior knowledge" could achieve de-anonymisation.

Last year a report for the Cabinet Office, Transparent Government, Not Transparent Citizens, by Professor Kieron O'Hara of Southampton University, warned of the ability to identify individuals from anonymised data "jigsaw identification", saying "there are no complete legal or technical fixes to the deanonymisation problem".

ICO consultation