Data protection law is in danger of lagging behind technological change

John Burn-Murdoch guardian.co.uk, Friday 12 April 2013

“Law is always going to be playing catch up to technology”, says senior UK data protection lawyer, as Britain negotiates new EU data protection regulations

Data processing practices are evolving faster than the law can adapt to them, according to a senior British lawyer at an international law firm specialising in data protection.

Ask a lawyer and a database administrator for their definitions of “delete” or “anonymise” and you will quickly realise the size of the task facing legislators around the world as they seek to define and prevent irresponsible and outright criminal uses of data in 2013.

Speaking to the Guardian, Bridget Treacy, leader of UK Privacy and Information Management practice at law firm Hunton & Williams stated her belief that legislation will always be playing catch up to technology in this area, adding “that’s just the way it is”.

Among the most contentious areas of data protection law in the UK are the dual concepts of anonymisation and pseudonymisation of data.

Anonymous data is data that is in such a format that it is impossible to establish the identity of any individuals whose details are contained in a database. Pseudonymous data has had personal details removed – such as names replaced with unique ID codes – but still contains sufficiently detailed information for someone to be able to establish the identities of individuals, even if this required combining it with a second database not held by the company in question.

If data is fully anonymised, it is no longer subject to the Data Protection Act (DPA), because it no longer relates to an identified or identifiable individual. In contrast, pseudonymous data remains personal data because it is capable of being related to an identified or identifiable individual, and thus remains subject to the DPA.

Chief among the challenges facing legislators in this area is the question of whether any individual dataset can be considered truly anonymous if its owner also holds the raw, personally identifiable data from which it was created.

“How do we decide whether the data is really anonymous when we hold all of the constituent elements of it?”, asks Treacy. “If I have a list of information where I’ve replaced individuals’ names with codes, but I also have – perhaps at another location – the same list with the names instead of the codes, I have pseudonymised information, but not anonymised information, if I can link the data sets.

“Our definition of personal data in the DPA refers not just to information that is readily to hand, but also to information that you are likely to obtain, so it takes a much broader perspective. I think therefore it is quite hard for companies to seek to anonymise data but still hold the keys that unlock it. Sometimes a trusted third party can be utilised to ensure the data sets are not combined.”

Read the complete article on http://goo.gl/ZzRN0

About Shailendra Nair

AI Generalist & Executive Tech Leader in Insurance & Benefits Tech. Driving growth, trust, and resilience from AIG to Marsh McLennan. I am an AI Generalist and Executive Technology Leader with a career dedicated to reimagining how insurance and benefits ecosystems work in a digital first world. My expertise spans Insurance & Benefits Tech, digital transformation, and cybersecurity, with a proven ability to turn technology into both a growth engine and a resilience enabler. I have worked with global leaders such as PepsiCo, Allianz, AIG, and Marsh McLennan, experiences that gave me a rare mix of perspectives across insurance carriers, broking, and benefits advisory. This combination allows me to design solutions that balance global standards, local compliance, and client expectations while driving measurable business value. My strength lies in full stack insurance technology leadership, covering Property & Casualty, Life, and Benefits. I bring hands-on expertise in infrastructure, cloud, security, and enterprise architecture, combined with data platforms, AI automation, and digital ecosystems. Having led across this spectrum, I can translate complex technology into practical outcomes that deliver trust, scale, and innovation. As an AI Generalist, I focus on impact: • Building automation first operations that scale efficiently. • Designing chatbots and intelligent assistants to empower employees and clients. • Deploying AI-driven QA frameworks to improve speed and accuracy. • Exploring agentic AI roles to support compliance and transformation. My philosophy is simple: technology should reduce friction, inspire confidence, and accelerate growth. I design platforms that enhance sales, revenue, and client stickiness, proving that tech can directly enable business outcomes. At the same time, I remain deeply client centric a solution enabler who thinks out of the box to solve real challenges and deliver measurable ROI. 🌍 What excites me most is reimagining benefits ecosystems for the future of work. Employees demand seamless digital first experiences, organizations need efficiency, and regulators require trust and security. My mission is to build ecosystems that are secure, resilient, innovative, and human focused.

View all posts by Shailendra Nair →

This entry was posted in Technology and tagged Technology. Bookmark the permalink.