Data Protection: Codes of Practice

Department for Digital, Culture, Media and Sport written question – answered on 1st December 2022.

Alert me about debates like this

Photo of Lord Clement-Jones Lord Clement-Jones Liberal Democrat Lords Spokesperson (Digital)

To ask His Majesty's Government whether the report by the Information Commissioner's Office, Anonymisation: managing data protection risk code of practice, published in November 2012, (1) is still a statutory code of practice, and (2) if anonymising data only in line with the 2012 code, removes all of a data controller’s obligations under the Data Protection Act 2018.

Photo of Lord Parkinson of Whitley Bay Lord Parkinson of Whitley Bay The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

The ICO Code of Practice on Anonymisation published in November 2012 was issued under the Data Protection Act 1998. That legislation was repealed and replaced by the GDPR and the Data Protection Act 2018 in May 2018. The 2012 report is therefore no longer a valid code of practice, although information which is anonymous continues to fall outside the scope of the UK’s data protection legislation.

The ICO is currently carrying out a call for views on its new, draft guidance on anonymisation, pseudonymisation, and privacy-enhancing technologies, due to finish on 31 December 2022. This new guidance includes key considerations organisations should undertake when determining whether information can be safely considered anonymous, and therefore outside the scope of data protection legislation.

Does this answer the above question?

Yes0 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.