The CJEU reviews the regulations on the processing of personal data and the right of access to files

The Court of Justice of the European Union (CJEU) is opening up the possibility of achieving data anonymisation in a much simpler way than by using the approach available up until now. The review is based on a judgment handed down in a case brought by the Single Resolution Board (JUR) against the European Data Protection Supervisor.

The legal procedure and parties’ statement in this review of a judgment are set out in an information pill issued by the team of the Office of the Data Protection Officer at the TIC Salut Social Foundation.

Some of the most relevant aspects of this review of data anonymisation include the fact that personal data transmitted to a third party may be considered anonymous provided the recipient does not have the means to identify the data subject. The fact that the issuer or intermediary providing the data has or may have the means to identify the data subjects does not mean that the transmitted data are personal data for the recipient.

A new legal interpretation of the concept of anonymisation has thus been established. The judgment makes an important distinction in how data transmitted to a third party should be processed.