The following defines attempted and successful anonymization, presumed anonymous data, as well as successfully and presumably anonymized data.
The term anonymization techniques is used relatively loosely in the literature in the sense that it does not guarantee that the resulting data are indeed anonymous. To more precisely capture the “success state” of anonymization attempts, the following definitions distinguish two concepts of “anonymization”:
|Definition: (Successful) anonymization
Anonymization is a transformation that takes personal data as input and yields (“truly”) anonymous data as output. The “success state” (that identification of data subjects in the anonymous data is no longer possible) is reached.
This definition is visualized in Figure 20.
Figure 20: Anonymization.
Note that the use of the term anonymization thus implies the successful reaching of the necessary “success state”. Since the determination of the “success state” is often very difficult, a second concept that more closely matches actual practice is defined in the following:
|Definition: Attempted anonymization or anonymization attempt
An attempted anonymization or an anonymization attempt is a transformation that takes personal data as input and yields presumedanonymous data as output. It remains unclear whether the “success state” of anonymity has indeed been reached.
This definition is visualized in
Figure 21: Attempted anonymization.
The above definition uses the term presumed anonymous data that is defined in the following:
|Definition: Presumed anonymous data
Presumed anonymized data is data that is thought of being anonymous but where, due to uncertainty in the determination of the necessary “success state”, a certain risk exists that the data are actually still personal.
Note that to more explicitly distinguish anonymous from presumed anonymous, the term “truly” anonymous can be used. “Truly” anonymous does not add anything to anonymous. In fact, it emphasizes that it is not just presumed anonymous.
The term anonymized data can be used to express that “truly” anonymous data has been created as the result of a successful anonymization:
|Definition: (Successfully) anonymized data
Anonymized data is “truly” anonymous data that results from successful anonymization.
Should there be any doubt about the success of the attempted anonymization, the term presumably anonymized data can be used:
|Definition: Presumably anonymized data
Presumably anonymized data is presumed anonymous data that results from an anonymization attempt.