Information In Practice

Legal issues of data anonymisation in research

BMJ 2004; 328 doi: (Published 27 May 2004) Cite this as: BMJ 2004;328:1300
  1. Petra Wilson, associate director (petra.wilson{at}
  1. European Health Management Association, Rue De La Science 4, 1000 Brussels, Belgium

    In this paper Donnan et al expertly demonstrate the value of anonymised individual data in medical research, showing that effects masked in aggregated data are clearly visible when individual data are used. However, the use of anonymised data raises interesting legal questions.

    The MEMO researchers paid careful attention to protecting patient confidentiality for the 166 000 files they used in the study: the data were anonymised with purpose-made software that was used by named staff whose employment contracts could be revoked in the event of breaches of patient confidentiality. Given the large amount of data involved, patients' individual consent could not be sought, but efforts were made to inform patients of the possible use of their medical data and their rights of privacy through the publication of a patient information leaflet. One should not assume, however, that anonymising data for medical research is a clear and simple endeavour in which all one needs to do is follow this type of best practice.

    The Data Protection Directive and the Data Protection Act

    The protection of privacy of data is regulated in all member states of the European Union by national legislation drawn up in response to the Data Protection Directive (Directive 95/46/EC), which seeks to harmonise the rules of data protection throughout the Union (all current national data protection legislation can be found at

    The Directive provides that the use of anonymised data falls outside its remit: “the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable” (Recital 26). Thus, Donnan et al correctly state that the anonymised data in their study were not subject to the Data Protection Act 1998. This point was further clarified for England and Wales in a judgment of the Court of Appeal.1

    However, neither the directive nor national law explains how the process of anonymisation of nominative data is to occur. In the United Kingdom the Office of the Information Commissioner, the regulatory authority established under the Data Protection Act 1998, has issued a guidance note on the concept of “personal data,” which states that, although anonymous data may fall outside the remit of English law, the act of anonymisation does not: “In anonymising personal data the data controller will be processing such data and, in respect of such processing, will still need to comply with the provisions of the Act.”2

    It seems then that a rather peculiar situation exists where, in order to anonymise data, one needs the consent of the data subjects.

    In the case of medical research, two ways around this issue exist. Firstly, researchers may use (and anonymise) data without prior notification of the data subjects only if they can comply with the special provisions in the data protection legislation, which provide for sensitive data to be processed for the purposes of medical research only by a health professional or a person who owes a duty of confidentiality that is equivalent to that which would arise if that person were a health professional.3 Secondly, personal data may be used for research purposes without prior consent of the data subjects if a list of rigorous requirements is followed.4

    Given the lack of clarity and the complexity of legally anonymising data, the time is ripe for regulators to address the role of anonymisation of data in medical research again. Anonymisation facilitates research and protects confidentiality, and every effort should be made to support its practice.

    Recent research shows that most European citizens generally trust healthcare providers to treat their data with due respect for confidentiality: in a recent Eurobarometer survey 84% of EU citizens reported that they trusted the medical profession in this way, although only 42% knew of the need to provide agreement for someone to use their personal information and their right to oppose some uses.5 Let us build on this trust by, on the one hand, providing good information on the use of data in medical research and, on the other, providing the proper legal framework for the use of anonymisation techniques as demonstrated by MEMO. Both at European and national level every effort should be made to make the best possible use of modern anonymisation technologies so that patients' privacy can be simply and effectively protected while vital medical research based on individual records continues.


    • Competing interests: None declared.
