Anonymity: a relative and functional concept
By: Giusella Finocchiaro
November 7, 2006
Anonymous data are extremely relevant in Italian and European
legislation: in fact, these data are not subject to the laws regarding
processing of personal data. This is stated, for instance, by the
recital no. 26 of the European Directive 95/46/EC of the European
Parliament and of the Council of 24 October 1995 on the protection of
individuals with regard to the processing of personal data and on the
free movement of such data. Moreover, anonymity represents the best way
to protect privacy and personal data, as has been affirmed on several
occasion by the European Commission and the European Council.
Qualifying anonymous data is not, however, a simple operation.
Anonymous is, in the common language, a term which evokes an absolute concept: without name.
This concept of anonymity as namelessness, as the origin of the word
reveals, by definition excludes the identity of the subject to which it
That which is anonymous is therefore faceless and without identity.
Anonymity is a concept which evokes an absolute lack of connection
between a fact or an act and a person.
However, anonymity is often relative to specific facts, specific subjects and specific purposes.
A composition, for instance, may be anonymous for some but not for others, depending whether or not they know the author.
So the right to be anonymous, when recognized, refers to certain
subjects, in predefined circumstances and for specific occasions, which
can be specified by the law.
In the Italian law the anonymous data are defined as being data
which in origin or after being processed “cannot be associated with an
identified or identifiable data subject”. Data can be originally
anonymous or can be treated so as be made anonymous.
The key point of the article is the sentence “cannot be associated”.
In which cases can be deemed that data cannot be associated with a
subject? Must this be a physical or a technological impossibility?
Whether this has to be absolute or relative, has already been clarified
by the Recommendation of the Council of Europe No. R (97) 5 on medical
data protection, where it is stated that information cannot be
considered identifiable if identification requires an unreasonable
amount of time and manpower. In case where the individual is not
identifiable, the data are referred to as anonymous.
On the contrary, the definition of “personal data” as stated by
Italian Law, is “any information relating to natural or legal persons,
bodies or associations that are or can be identified, even indirectly,
by reference to any other information including a personal
identification number” , while the definition given by the European
directive is the following: “any information relating to an identified
or identifiable natural person ('data subject'); an identifiable person
is one who can be identified, directly or indirectly, in particular by
reference to an identification number or to one or more factors
specific to his physical, physiological, mental, economic, cultural or
In both definitions the criterion is not only the reference but also
the possibility to refer information to a data subject. This
referability is measured in relation to the time, cost and technical
means necessary to achieve it. The value and sensitivity of the
information should also be taken into account. For example, medical
data should require a high level of protection. Relating the
information and the subject, to which it refers is a technical
possibility; however the legality of this depends on legal and
Relativity is therefore central to the definition: data can be anonymous for some, but not for others.
Likewise for functionality, data can be anonymous for certain uses but others not so.
In conclusion, as personal data can be legally processed only for
specified purposes by authorised persons, data can be anonymous only
for certain people under pre-defined conditions. Therefore anonymity in
processing of personal data is not an absolute concept: it is, instead,
a relative and functional concept.
Giusella Finocchiaro is a Professor of internet law and private law at the University of Bologna, Italy.