Certified technology

Retency deep anonymization technology is certified as fully compliant to European Community's anonymization criteria set forth by the Privacy regulators.

Context

A set of personal data is de-identified (or deeply anonymized) when it is impossible to deduct, directly or indirectly, any individual information. In contrary to a popular belief, pseudonymization (hashing of direct identifiers such as name or email address) is not a deep anonymization method.

In its 05/2014 opinion, the G29 group of European Privacy regulators defined three privacy guarantees that must be provided by any true anonymization technique:

In the same document, the G29 also declared that anonymization is not achieved by commonly used techniques such as pseudonymization of even destruction of primary identifiers, data generalization (K-anonymity, L-diversity) or noise addition.

True anonymization, compliant to G29 criteria, is a much more demanding data science objective.

Retency

Retency was granted a positive assessment of its core anonymization process as compliant to all three G29 criteria, in the context of collecting and processing personal geo-localizing identifiers without individual consent. It is the same core technology that is used within Retency Privacy Engine.

A summary table is provided below. It contains: