LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is re-identification, and how does it relate to pseudonymization and anonymization?

Re-identification is the process of reversing pseudonymization or anonymization to link data back to a specific individual, essentially undoing the privacy protection that was applied.

Key concept:

Re-identification means going from a supposedly anonymous or pseudonymous dataset back to identifying real individuals. It's the "undo button" for privacy protection.

How re-identification happens:

  1. Direct reversal — Using the correspondence table (mapping key) in pseudonymized data
  2. Linkage attacks — Combining the anonymized dataset with external data sources that share quasi-identifiers
  3. Inference attacks — Using statistical analysis or background knowledge to deduce identities
  4. Data enrichment — Gradually adding external information until identification becomes possible

Why it matters for data protection law:

  • Pseudonymized data is still personal data under GDPR/revDSG because re-identification is possible (the mapping key exists somewhere)
  • Anonymized data falls outside data protection law only if re-identification is truly impossible
  • The threshold between "anonymous" and "pseudonymous" has massive legal implications

Tip: If someone holds a key that can map pseudonyms back to real identities, the data is pseudonymized, not anonymized — and full data protection rules still apply.

Go deeper:

From Quiz: PRIVACY / Identities, Anonymity & Data Protection Goals | Updated: Jul 05, 2026