Organisations should be able to process pseudonymised data without the consent of individuals, a European Parliament committee has proposed.
The Industry, Research and Energy Committee (IREC) has outlined changes it would like to see made to the European Commission’s draft Data Protection Regulation which was originally published last year. One of those changes should be to list the processing of pseudonymised data as a “legitimate interest” of data controllers, it said.
Read more on Out-Law.com
So could a business take two already self-pseudonymized databases (i.e., databases that use user-generated pseudonyms) and aggregate them and process the larger database without user consent? How exactly would this work?