Summary Final Decision Art 60

No violation

Background information
Date of final decision: 29 August 2019
Legal Reference: Right to erasure (Article 17), Right to object (Article 21)

Decision: No violation
Key words: Right to erasure, Right to object, Anonymisation

Summary of the Decision

Origin of the case
In a complaint filed with the CSA, the complainant alleged that personal data in her email correspondence with the controller was published on the controller’s website without her consent.

After communicating with the LSA, the controller took action to anonymise the complainant’s first and last names from the correspondence.

The LSA invited the controller to anonymise the copies of all the letters published on its website.

No further action towards the controller was taken.

This text has been converted automatically from the PDF available via
using Apache Tika to allow for a better search. This might result in some characters being mangled.
Please see the original file for the official wording at

Please see also EDPB Copyright page

Researchers re-identify patients from a de-identified patient data set published by the Australian government

The Australian government published a de-identified open health data set in the past, which contained the patient data of a subset of the Australian population.  – The de-identification process  involved not just stripping direct identifiers, but also adding some inaccuracies to the data set. However, the data set was still at the person-level.

Researchers have been able to successfully re-identify some patients.

Continue reading “Researchers re-identify patients from a de-identified patient data set published by the Australian government”