Quiz Entry - updated: 2026.07.05
What is re-identification, and how does it relate to pseudonymization and anonymization?
Re-identification is the process of reversing pseudonymization or anonymization to link data back to a specific individual, essentially undoing the privacy protection that was applied.
Key concept:
Re-identification means going from a supposedly anonymous or pseudonymous dataset back to identifying real individuals. It's the "undo button" for privacy protection.
How re-identification happens:
- Direct reversal — Using the correspondence table (mapping key) in pseudonymized data
- Linkage attacks — Combining the anonymized dataset with external data sources that share quasi-identifiers
- Inference attacks — Using statistical analysis or background knowledge to deduce identities
- Data enrichment — Gradually adding external information until identification becomes possible
Why it matters for data protection law:
- Pseudonymized data is still personal data under GDPR/revDSG because re-identification is possible (the mapping key exists somewhere)
- Anonymized data falls outside data protection law only if re-identification is truly impossible
- The threshold between "anonymous" and "pseudonymous" has massive legal implications
Tip: If someone holds a key that can map pseudonyms back to real identities, the data is pseudonymized, not anonymized — and full data protection rules still apply.
Go deeper:
Data re-identification (Wikipedia) — reversal techniques and famous re-identification cases.