In contrast, Statutory Pseudonymization – as now defined in GDPR Article 4(5) – enables functional separation by requiring that individuals cannot be re-identified via linkage attacks except with access to “additional information” that is stored separately under the control of the data controller. Traditional anonymization techniques that use static (or persistent) tokens to replace repeated occurrences of identifiers within and across datasets remain vulnerable to re-identification via the Mosaic Effect. Therefore, they do not satisfy the GDPR requirements for Statutory Pseudonymization that are necessary to achieve the desired functional separation.
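The contrast between static tokens and tokens that cannot be linked without separately held information, as an added example that is not code from the original page or from any regulator: the HMAC-based per-record token scheme, the `Controller` class, the key and the sample records are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample data: the same people appear in two datasets.
HEALTH = [("alice@example.com", "asthma"), ("bob@example.com", "diabetes"),
          ("alice@example.com", "allergy")]
RETAIL = [("alice@example.com", "inhaler"), ("carol@example.com", "book"),
          ("bob@example.com", "glucose meter")]

def static_token(identifier):
    """Static (persistent) token: same identifier -> same token everywhere."""
    return hashlib.sha256(identifier.encode()).hexdigest()[:12]

class Controller:
    """Holds the 'additional information' (key and lookup table) separately."""
    def __init__(self, key):
        self._key = key
        self._lookup = {}  # token -> identifier, never released with the data

    def token(self, identifier, dataset, record_no):
        # Assumed scheme: the token depends on dataset and record number,
        # so it never repeats within or across releases.
        msg = f"{dataset}|{record_no}|{identifier}".encode()
        tok = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:12]
        self._lookup[tok] = identifier
        return tok

    def reidentify(self, tok):
        """Only possible with access to the controller's lookup table."""
        return self._lookup[tok]

def release_static(rows):
    return [(static_token(i), v) for i, v in rows]

def release_dynamic(ctrl, name, rows):
    return [(ctrl.token(i, name, n), v) for n, (i, v) in enumerate(rows)]

def linkable_tokens(a, b):
    """Tokens a recipient of both releases can join on with no extra info."""
    return {t for t, _ in a} & {t for t, _ in b}

def repeated_tokens(rows):
    """Tokens that recur inside one release (linkage within a dataset)."""
    return {t for t, n in Counter(t for t, _ in rows).items() if n > 1}
```

With static tokens, a recipient of both releases can join the health and retail records on the token alone; with the per-record tokens the join returns nothing, while the controller can still re-identify each record from its separately held table.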
Since the adoption of the new GDPR definition of Statutory Pseudonymization, the European Union Agency for Cybersecurity (ENISA) has published two reports on best practices for compliant Pseudonymization, in November 2018 and 2019. In addition, the Article 29 Working Party Opinion 06/2014 opined that Statutory Pseudonymization, when implemented correctly, is an effective safeguard that can “play a role in tipping the balance in favour of the controller when evaluating steps taken to minimise the impact on data subjects under the Balancing of Interests Test required for Legitimate Interest processing.”