"anonymized PD" nor "compositions of data" cease to be personal data.

tanjimajuha20 · Post by **tanjimajuha20** » Sun Jan 19, 2025 8:30 am

Next is the regulatorspeaksthe following: "It is expected that the document will not result in significant costs to business." In addition, the document statesis comingonly about anonymized data - personal information will not be transferred, which is strictly stipulated by law.

A reasonable question arises: how can PD not be transferred if no other data in the definitions specified by law exists? That is, we are told that PD will not be transferred (and we remember that everything that can be transferred, according to the law, is personal data), and, in order not to outrage citizens, a new indonesia telegram concept of anonymized data appears in public argumentation, which is also described in quite some detaildescribedHead of the State Duma Committee on Information Policy Alexander Khinshtein.

"There is a position of our committee," Khinshtein emphasized. "We believe that until there is complete certainty and conviction among all of us that processed, anonymized, and converted into big data cannot be returned back, that is, de-anonymized, until that moment there can be no talk of transferring big data."

But, unfortunately, the facts tell us the opposite: according to the law, amendments to which were proposed by the committee itself, only personal data will be transferred to Gosozero.

Remove the contradiction

Thus, a direct logical contradiction arises both within the law and in the conceptual sense - it turns out that "Schrödinger data" are legally transferred and combined, personal and non-personal at the same time. That is, no matter how much you depersonalize the data, it will remain personal. It seems that the law still wanted to single out the category of non-personal data, but their legal status was not changed and for some reason they remain personal.

The only possible way out of this logical impasse is a legislative definition of the moment of transition of personal data into irreversibly depersonalized or anonymized data and in this regard already non-personal with the introduction of a corresponding consistent concept into the law. And when operating with such data, it is necessary to completely eliminate the risks of identifying the data subject from their depersonalized array. The corresponding methodology must be developed taking into account the existing technical and information capabilities and enshrined in regulatory documents. Only then will the law be able to solve the tasks facing it (to ensure a guarantee of the security of PD and regulate the circulation of OD) and will correspond to both the position of legislators and common sense.