EFAMRO and ESOMAR have submitted a response to the European Data Protection Board’s Consultation on Guidelines 01/2025 on Pseudonymisation.
The Consultation Response address:
-
Support for the Guidelines: EFARMO welcome the guidelines but call for clearer, more specific guidance on safeguarding, compliance measures, technical protocols, and international data transfers, especially in layman’s terms for non-experts.
-
Clarifications on Legal Aspects:
-
Pseudonymised data remains personal data under GDPR, even when it can’t be directly linked to individuals.
-
Pseudonymisation can reduce risks and potentially help justify legitimate interest as a lawful basis for data processing.
-
-
Practical Application in Market Research:
-
The guidelines stress the need for risk assessment in data handling and traceability across the research supply chain.
-
Emphasis on ensuring pseudonymised data remains secure when shared with third parties, while still allowing re-identification when necessary.
-
-
International Data Transfers:
-
Pseudonymisation can reduce risks in cross-border data transfers, but further clarification is needed on its effectiveness and whether it can replace stronger protections like standard contractual clauses.
-
-
Quasi-Identifiers: The document also addresses the importance of handling quasi-identifiers (e.g., demographic data) to prevent re-identification of individuals during market research.