EPA Paper: Privacy by design and anonymisation techniques in action: Case study of Ma3tch technology

EPA’s Paper entitled Privacy by design and anonymisation techniques in action: Case study of Ma3tch technology by Paolo Balboni and Milda Macenaite was published in the Computer Law & Security Review
Volume 29, Issue 4, August 2013, Pages 330–340.

Privacy by Design is now enjoying widespread acceptance. The EU has recently expressly included it as one of the key principles in the revised data protection legal framework. But how does Privacy by design and data anonymisation work in practise? In this article the authors address this question from a practical point of view by analysing a case study on EU Financial Intelligence Units (“FIUs”) using the Ma3tch technology as additional feature to the existing exchange of information via FIU.NET decentralised computer network. They present, analyse, and evaluate Ma3tch technology from the perspective of personal data protection. The authors conclude that Ma3tch technology can be seen as a valuable example of Privacy by Design. It achieves data anonymisation and enhances data minimisation and data security, which are the fundamental elements of Privacy by Design. Therefore, it may not only improve the exchange of information among FIUs and allow for the data processing to be in line with applicable data protection requirements, but it may also substantially contribute to the protection of privacy of related data subjects. At the same time, the case study clearly shows that Privacy by Design needs to be supported and complemented by appropriate organisational and technical procedures to assure that the technology solutions devised to protect privacy would in fact do so.

Privacy by design; Anonymisation; Ma3tch technology; Financial intelligence unit; Personal data protection; Personal data security; Distributed network

The Authors would like to thank Dr. Arnold Roosendaal LLM (Fennell Roosendaal Research and Advice, and TNO) for his inputs on this paper.