United Kingdom: Information Commissioner's Office adopted guidance on anonymisation techniques for data protection

On 28 March 2025, the Information Commissioner's Office (ICO) adopted a guidance on anonymisation under the United Kingdom's data protection framework. The guidance addresses the use of anonymisation and pseudonymisation by organisations processing personal data, including in sectors such as healthcare, artificial intelligence development and public sector transparency. In particular, the guidance sets out the distinction between anonymisation and pseudonymisation, outlines the concept of identifiability, and introduces the motivated intruder test for assessing the risk of re-identification. It describes techniques such as suppression, generalisation, hashing, and provides information on their application in data processing contexts. It also includes provisions on governance and accountability, including documentation practices, risk assessments and the use of privacy impact assessments. Examples from different sectors are included to illustrate implementation in practice.