Retency deep anonymization technology was validated by the French Privacy Regulator as fully compliant to European Community's anonymization criteria.
A set of personal data is de-identified (or deeply anonymized) when it is impossible to deduct, directly or indirectly, any individual information. In contrary to a popular belief, pseudonymization (hashing of direct identifiers such as name or email address) is not a deep anonymization method.
In its 05/2014 opinion, the G29 group of European Privacy regulators defined three privacy guarantees that must be provided by any true anonymization technique:
In the same document, the G29 also declared that anonymization is not achieved by commonly used techniques such as pseudonymization of even destruction of primary identifiers, data generalization (K-anonymity, L-diversity) or noise addition.
True anonymization, compliant to G29 criteria, is a much more demanding data science objective.
Retency was granted by the French Privacy Regulator a positive assessment of its core anonymization process, as compliant to all three G29 criteria, in the context of collecting and processing personal geo-localizing identifiers without individual consent. It is the same core technology that is used within Retency Privacy Engine.
A summary table is provided below. It contains: