Anonymisation vs pseudonymisation
Anonymisation and pseudonymisation are often confused but have very different legal consequences. Truly anonymous data cannot be linked back to a person by any reasonable means, so it falls outside the GDPR. Pseudonymous data can be re-identified using a separately held key, so it remains personal data. Mislabelling one as the other is a common and costly error. This is educational, not legal advice.
What this means
Pseudonymisation swaps direct identifiers for tokens but keeps a re-identification path via a protected key. Anonymisation goes further: data is processed so that no individual can be singled out by any means reasonably likely to be used, with no key retained. Only the latter leaves the GDPR's scope entirely.
Why the line is hard
Anonymisation is harder than it looks, because combining 'anonymous' fields with other available data can re-identify people (the mosaic effect). Regulators assess re-identification risk by the means reasonably likely to be used, not by intent. So aggregation, removing rare-value outliers, and avoiding linkable identifiers all matter. When in doubt, treat data as personal and apply the rules — under-claiming privacy is safer than over-claiming it.
- Anonymous: no reasonable re-identification, out of GDPR scope
- Pseudonymous: key exists, still personal data
- Watch the mosaic effect across combined datasets
How it appears in analytics and logs
Calling data 'anonymised' only holds if no reasonable means of re-identification exists. If a key or linkable signals remain, it is pseudonymous and in scope.
Diagnostic use case
Classify your analytics data honestly: if re-identification is reasonably possible, it is pseudonymous and still regulated, not anonymous.
What WebmasterID can help detect
WebmasterID's aggregate-first, cookieless output is designed to avoid singling people out, the practical test that separates anonymous from merely pseudonymous data.
Common mistakes
- Labelling pseudonymised data as anonymous.
- Ignoring the mosaic effect across joined datasets.
- Assuming aggregation alone always anonymises.
Privacy and accuracy notes
The label changes your obligations, so get it right. WebmasterID aims for genuinely aggregate, non-identifying output rather than relabelling identifiable data.
Related pages
- Pseudonymisation in analytics
Pseudonymisation processes personal data so it can no longer be attributed to a specific person without additional information that is kept separately and secured. It is a recognised safeguard under the GDPR — but pseudonymised data is still personal data, not anonymous. Understanding that distinction prevents over-claiming privacy protection. This is an educational overview, not legal advice.
- Data minimisation in analytics
Data minimisation is the principle that personal data should be adequate, relevant, and limited to what is necessary for the purpose. In analytics it translates to: do not collect identifiers you will not use, prefer aggregates over per-person rows, and avoid storing precise values like full IPs. Minimising at collection beats trying to protect data you never needed. This is educational, not legal advice.
- IP anonymization in analytics
IP anonymization removes precision from a visitor's IP address — typically by zeroing the last octet of an IPv4 or the trailing bits of an IPv6 — so the stored value cannot point at one device or person. It reduces, but does not always eliminate, the personal-data character of the address. Doing it at ingest, before storage, is the stronger posture. This is educational, not legal advice.
- Privacy-first analytics
Aggregate output that avoids singling people out.
Sources and verification notes
- EUR-Lex — GDPR Recital 26 (anonymous information)Primary text on the anonymity threshold. Not legal advice.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.