Opening privacy sensitive microdata sets in light of GDPR: the case of opening criminal justice domain microdata

To enhance the transparency, accountability and efficiency of the Dutch Ministry of Justice and Security, the ministry has set up an open data program to proactively stimulate sharing its (publicly funded) data sets with the public. Disclosure of personal data is considered as one of the main threats for data opening. In this contribution we argue that, according to Dutch laws, the criminal data within the Dutch justice domain are sensitive data in GDPR terms and that the criminal data can only be opened if these sensitive data are transformed to have no personal information. Subsequently, having no personal information in data sets is related to two GDPR concepts: the data being anonymous in its GDPR sense or the data being pseudonymized in its GDPR sense. These two GDPR concepts, i.e., being anonymous data or pseudonymized data in a GDPR sense, can be distinguished in our setting based on whether the data controller cannot or can revert the data protection process, respectively. (Note that the terms anonymous and pseudonymized are interpreted differently in the technical domain.) We examine realizing these GDPR concepts with the Statistical Disclosure Control (SDC) technology and subsequently argue that pseudonymized data in a GDPR sense delivers a better data utility than the other. At the end, we present a number of the consequences of adopting either of these concepts, which can inform legislators and policymakers to define their strategy for opening privacy sensitive microdata sets, like those pertaining to the Dutch criminal justice domain