Between nuance and caution: how to read the CJEU in EDPS v SRB
Between nuance and caution: how to read the CJEU in EDPS v SRB
The author analyses the recent ruling of the CJEU in the case EDPS v SRB. She highlights the broader implications for data protection practice, advocating for a principle-based approach to anonymisation while warning against two key pitfalls:
• First, formulating a test that disregards established de-identification techniques and statistical disclosure control methods. Although the ‘means’ test for identifiability is grounded in a standard of reasonableness, it is important not to undermine the framework by reducing it to a casuistry based merely on subjective judgment calls.
• Second, adopting a formalistic definition of personal data that downplays the impact of singling out in potentially harmful contexts, such as profiling or taking action in relation to individuals. Identifiability rests on two factors: whether individuals can be distinguished from one another (distinguishability), and whether additional identifying information is accessible that could then be associated with person-level data and reveal their identity (accessibility). Because assessing accessibility often relies on threat modelling assumptions, given the difficulty of precisely mapping the information a situationally relevant attacker might possess, it is more appropriate to focus on distinguishability only when the potential for harm to data subjects is significant.
The author also shows how to reconcile the EDPB guidelines on pseudonymisation with the CJEU ruling.
6-10
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
October 2025
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Stalla-Bourdillon, Sophie
(2025)
Between nuance and caution: how to read the CJEU in EDPS v SRB.
Privacy and Data Protection, 26 (1), .
Abstract
The author analyses the recent ruling of the CJEU in the case EDPS v SRB. She highlights the broader implications for data protection practice, advocating for a principle-based approach to anonymisation while warning against two key pitfalls:
• First, formulating a test that disregards established de-identification techniques and statistical disclosure control methods. Although the ‘means’ test for identifiability is grounded in a standard of reasonableness, it is important not to undermine the framework by reducing it to a casuistry based merely on subjective judgment calls.
• Second, adopting a formalistic definition of personal data that downplays the impact of singling out in potentially harmful contexts, such as profiling or taking action in relation to individuals. Identifiability rests on two factors: whether individuals can be distinguished from one another (distinguishability), and whether additional identifying information is accessible that could then be associated with person-level data and reveal their identity (accessibility). Because assessing accessibility often relies on threat modelling assumptions, given the difficulty of precisely mapping the information a situationally relevant attacker might possess, it is more appropriate to focus on distinguishability only when the potential for harm to data subjects is significant.
The author also shows how to reconcile the EDPB guidelines on pseudonymisation with the CJEU ruling.
This record has no associated files available for download.
More information
Published date: October 2025
Identifiers
Local EPrints ID: 506806
URI: http://eprints.soton.ac.uk/id/eprint/506806
ISSN: 1473-3498
PURE UUID: ea7a4017-6d9a-4abe-a6e8-417e397fa24d
Catalogue record
Date deposited: 18 Nov 2025 18:00
Last modified: 19 Nov 2025 02:44
Export record
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics
