ETD-HUB

12: Full or Pseudo Anonymisation

Asked: 4 months, 4 weeks ago By: Catalink Views: 91 Catalink Case Study: IRIS

The IRIS application requires saving driver images and heart-rate signals to create an unbiased dataset and improve personalized drowsiness detection. From a legal and ethical standpoint, would full anonymization of the data (leading to retention for up to 5 years, even after profile deletion) or pseudo-anonymization (allowing for a user-requested "right to be forgotten" delete functionality) would allow to use them without any legal implications?

18 Answers

Answered: 3 months, 1 week ago By: Chiamakaokorie
-
Answered: 3 months, 1 week ago By: Tundefasina
Yes, additional issues arise. Incidental data capture of passengers without consent creates risks of unlawful processing, lack of transparency, and proportionality violations. Ethically and legally, IRIS must implement data exclusion mechanisms, signage, and privacy-by-design measures to avoid capturing non-drivers.
Answered: 3 months, 1 week ago By: Zainabodogwu2
Passenger privacy risk → consent issues • Minimize data collection → only drivers • Notifications/visibility required
Answered: 3 months, 1 week ago By: Oliverharrow
Yes
Deleuze replied: If the data is truly anonymised, then GDPR no longer applies to that anonymised dataset, because the information no longer relates to an identified or identifiable person. GDPR Recital 26 says data protection rules do not apply to anonymous information where the individual is not, or is no longer, identifiable. However, true anonymisation is a high bar, especially for driver images and heart-rate signals. Facial images are inherently identifying unless transformed so that the person cannot reasonably be recognised or re-identified. Heart-rate signals may also be linkable to a person when combined with timestamps, vehicle ID, trip records, device IDs, demographic attributes, or other sensor data. The EDPB states that anonymised data must be rendered anonymous so the individual is not identifiable by any means reasonably likely to be used. There is also a practical conflict: if IRIS needs the data for personalised drowsiness detection, the system usually needs some continuing link to the driver. Once data is fully anonymised, it cannot support driver-specific personalisation, account-level correction, or a meaningful “delete my data” request, because the controller no longer knows which records belong to that driver. So full anonymisation may be suitable for long-term aggregate model improvement, but not for personalised modelling.
Answered: 3 months, 1 week ago By: Ngozioshoba
Full anonymization offers stronger privacy protection but may limit personalization. Personalization can be acceptable if combined with strict security and deletion rights. The priority is reducing identifiability while preserving fairness.
Answered: 3 months, 1 week ago By: Efeadelaja
Yes, capturing passengers’ biometric or health data without consent raises GDPR violations, ethical consent issues, and legal liability for the operator.
Deleuze replied: Pseudonymisation is probably the better approach for personalised drowsiness detection, because it allows the system to retain a protected link between the model data and the driver while still enabling the driver to request deletion. GDPR Article 17 gives individuals the right to erasure where, for example, the data is no longer necessary for the purpose, consent is withdrawn where consent is the lawful basis, or the data has been unlawfully processed. However, the right to erasure is not absolute, so IRIS would need a documented process for deciding when deletion must be honoured and when a lawful retention exception applies. Under the EU AI Act, if IRIS is a high-risk AI system, Article 10 is especially relevant. It permits processing special-category personal data for bias monitoring, detection, and correction only to the extent strictly necessary and subject to safeguards. That means IRIS cannot simply retain sensitive driver data because it is useful. It must show why sensitive data is needed for fairness and safety, why anonymised or synthetic data would not be sufficient, and what safeguards prevent misuse.
Answered: 3 months, 1 week ago By: Kelechinwosu
This falls under GDPR Article 9 as health data. It is ethically "intimate" because it can reveal non-target conditions like heart disease, stress, or pregnancy. Legally, the risk is that IRIS could be reclassified as a Medical Device if its primary function is monitoring physiological health.
Answered: 3 months, 1 week ago By: Beatricelorne
Yes because it is more likely that there are people who use public services that don't consent to the processing of data
Answered: 3 months, 1 week ago By: Zainabodogwu32
Deploying IRIS in taxis, buses, or other public service vehicles introduces distinct ethical and legal challenges. Passengers who are incidentally captured by cameras may have no contractual relationship with the system provider and may not have provided informed consent. Ethically, this creates an imbalance of power and undermines autonomy. Legally, it risks unlawful processing of personal data, as passengers may be recorded without a valid lawful basis. To mitigate this, IRIS would need: Strict camera positioning and masking to avoid capturing passengers. Real-time blurring or exclusion mechanisms. Clear signage and transparency notices. Failure to implement such measures could result in GDPR violations and reputational damage, even if the system’s primary purpose is driver safety.
Answered: 3 months, 1 week ago By: Miles_Hatcher
Yes. Deploying IRIs raises ethical and legal issues regarding passenger privacy and lack on consent
Answered: 3 months, 1 week ago By: Aminaolorun
Yes it is illegal
Answered: 3 months, 1 week ago By: Clarawhitby
Yes there are
Answered: 3 months, 1 week ago By: Ifeanyiakare
Consent challenges Privacy intrusion Ethical duty
Answered: 3 months, 1 week ago By: Kunleekwueme
Deploying the IRIS application in public service vehicles does raise distinct ethical and legal issues, primarily concerning data privacy and consen
Answered: 3 months, 1 week ago By: Sadeogunlana
Yes
Answered: 3 months, 1 week ago By: Tomashbrook
Yes, a lot of issues will arise.

Your Answer

Login to add your answer!

We’d love to hear your thoughts — share a meaningful answer by logging in.