PVML has emerged from stealth mode with an $8 million seed funding round! Read more here.

Differential Privacy: what is Art. 29 WP really saying about data anonymization?

Differential Privacy: what is Art. 29 WP really saying about data anonymization?

In the ever-expanding digital landscape, where processing personal data is both a valuable resource and a potential threat to privacy, the concepts of data anonymization and efficient anonymization processes have emerged as crucial safeguards. At the heart of this discussion lies the interpretation of Art. 29 WP, a significant player in the realm of data anonymization. In this article, we delve into the intricacies of differential privacy (a very efficient data anonymization process) and explain what Art. 29 WP truly says about the advantages and the risks of data anonymization techniques.

In this article:

  • Art 29 Working Party: Guardian of Data Protection
    • Introduction to Art 29 WP and Role in Data Protection
    • Data Anonymization Definition and Core Principles
    • Art 29 WP Guidelines
  • Understanding Differential Privacy
    • Mechanism and Techniques
    • Art 29 WP and Differential Privacy
    • Limitations and risks
  • Critiques and Controversies
    • Evaluation of Art. 29 WP Guidelines and Alternative Perspectives on Differential Privacy
  • Conclusions

Art. 29 WP: Guardian of Data Protection

Introduction to Art. 29 WP and its Role in Data Protection

The Article 29 Working Party (Art. 29 WP) serves as an advisory body composed of representatives from the data protection authorities of European Union member states.1 Its primary objective is to offer expert guidance on data protection and privacy matters. With a focus on the dynamic field of data anonymization and data anonymization techniques, the Art. 29 WP provides valuable insights into best practices and potential challenges.

Data Anonymization Definition and Core Principles

First of all, let’s delve into why the topics of data anonymization and data anonymization techniques are so important. To anonymize means “to remove identifying information so that the original source cannot be known.” 2 Contrary to pseudonymization 3, where data that have gone through such a process remain personal data, anonymized data are not subject to GDPR. When data is anonymized, “all links to identifying the person are broken,” 4 and with that, “the data subject is not or no longer identifiable.” 5 Therefore, anonymized data can not only mitigate risks but also enjoy the benefit of being exempt from the GDPR.

Broadly speaking, anonymization techniques can be traced back to two different approaches: randomization and generalization. 6 Differential privacy falls in the randomization method.

At its core, differential privacy is a mathematical framework that seeks to protect the privacy of individuals in a dataset by adding a controlled amount of noise to the results of statistical queries or analyses. This noise is calibrated to prevent the identification of specific individuals within the dataset while still providing meaningful aggregate information. In the following section, we will explain exactly how it works.

Art 29 WP Guidelines

The guidelines issued by Art. 29 WP serve as a roadmap for organizations navigating the intricate terrain of data anonymization. Notably, in Opinion 05/2014, the Art. 29 WP conducts an analysis of the effectiveness and limitations of existing data anonymization techniques in alignment with the General Data Protection Regulation (GDPR).7 The opinion furnishes recommendations for handling these techniques, taking into consideration the residual risk. These recommendations encompass aspects such as the requisite level of anonymization, the role of consent, and the importance of ongoing risk assessments. In the realm of differential privacy, the recommendations put forth by Art. 29 WP significantly influence the development of best practices. While expressing belief in the concept of anonymization, Art. 29 WP acknowledges the inherent challenges in achieving complete anonymization.

The Opinion further delves into the robustness of each anonymization technique, evaluating them against three key criteria (which we will further discuss in detail below in Section Art 29 and Differential Privacy):

  1. The possibility of singling out an individual within a dataset
  2. The potential to link records pertaining to an individual, whether within a dataset or across separate datasets
  3. The likelihood of inferring information about an individual from the dataset.

A truly effective data anonymization technique should prevent all parties from singling out an individual in a dataset, linking records within a dataset (or between datasets), and inferring any information about an individual from the dataset. 8

Understanding Differential Privacy

Mechanisms and Techniques

Differential privacy, at its core, is a mathematical framework that seeks to protect the privacy of individuals in a dataset by adding a controlled amount of noise to the results of statistical queries or analyses. This noise is calibrated to prevent the identification of specific individuals within the dataset while still providing meaningful aggregate information. In the following section, we will explain exactly how it works.

Differential privacy finds widespread application in contexts involving the handling of sensitive information, such as healthcare, finance, and social science research. Its significance has grown in response to the escalating demand for striking a balance between the advantages of data analysis and the safeguarding of individual privacy (refer to the “Privacy Gradient” section in the article titled “The Most Common Data Anonymization Techniques”).

Comprehending the fundamental principles of differential privacy is crucial for recognizing its importance. The central concept is to complicate the task of an observer trying to discern whether a specific individual’s data is part of the dataset. Key components like noise injection, randomized response, and epsilon-delta privacy assume crucial roles in implementing this anonymization technique.

Here’s a simplified breakdown of how differential privacy operates: individuals contribute their data to a dataset, such as the US census, which undergoes analysis or computation. This data may include sensitive details, and the objective is to shield the privacy of individual contributors. To achieve this, the data analysis process introduces randomness or noise, essentially transforming it into a data anonymization process. For instance, each data point may undergo modification by the addition of a random value (referred to as a randomized response).  This random value ensures that the analysis result is not directly tied to any specific individual data point.  There are two main approaches to noise addition: (1) adding noise directly to the data and – (2) introducing noise to the analysis result. It is important to note that the latter is considered superior because the total amount of noise required to mask an individual is significantly less than when noise is added to each data point. The degree of noise introduced is governed by a privacy parameter denoted as epsilon (ε). A smaller epsilon value enhances privacy but may yield less accurate results, while a larger epsilon allows for greater accuracy at the expense of reduced privacy. Subsequently, the perturbed dataset, now containing noisy data, is aggregated, and the analysis is conducted on this modified dataset. Despite the added noise, the aggregated results should still yield meaningful insights into overall data trends and patterns.

By integrating randomness and meticulously controlling the level of noise, differential privacy offers a rigorous and quantifiable privacy metric applicable to diverse algorithms and systems. Its applications extend to various domains, including machine learning, statistics, and data science, where privacy is of paramount concern.

Art 29 WP and Differential Privacy

In accordance with Opinion 05/2014, the Article 29 Working Party (Art. 29 WP) applies specific criteria to assess the application of the requirements to differential privacy:

  • Singling out: Art. 29 WP suggests that if only statistics are output and well-chosen rules are applied to the set, it should not be possible to use the answers to single out an individual.
  • Linkability: the potential for linking entries related to a specific individual between two answers becomes a concern when multiple requests are used.
  • Inference: the possibility of inferring information about individuals or groups arises when multiple requests are employed.

In response to these considerations, Art. 29 WP outlines key principles for the implementation of differential privacy:

  • Noise Addition Techniques: It emphasizes the importance of using sophisticated noise addition techniques to ensure that injected randomness does not compromise the usefulness of the data for legitimate analysis.
  • Thresholds and Aggregation: The establishment of appropriate thresholds and the aggregation of data are deemed crucial to prevent the identification of specific individuals while maintaining the overall integrity of the dataset.
  • Informed Consent: Art. 29 WP emphasizes the paramount importance of obtaining informed consent when applying differential privacy measures. Transparency in how data is collected, processed, and protected is highlighted.

However, Art. 29 WP acknowledges challenges and criticisms associated with the implementation of differential privacy:

  • Utility vs. Privacy Trade-off: striking the right balance between data utility and individual privacy remains a challenge. Introducing noise to enhance privacy may diminish the accuracy of analyses.
  • Algorithmic Complexity: Art. 29 WP recognizes the complexity of implementing differential privacy algorithms and calls for organizations to invest in robust, well-tested solutions to avoid unintended vulnerabilities.

In summary, while differential privacy holds promise for enhancing privacy in data analysis, Art. 29 WP underscores the importance of careful consideration and implementation of techniques to address the trade-offs and challenges associated with its application.

Limitations and Risks

The conclusion from Opinion 05/2014 underscores the nuanced nature of anonymization techniques in the context of privacy protection. While no technique is without inherent shortcomings, each method can offer privacy guarantees if appropriately applied. The success of anonymization processes hinges on careful engineering, with a clear delineation of prerequisites, context, and objectives.

Key takeaways from the conclusion include:

  • No Silver Bullet: there is no one-size-fits-all solution or silver bullet in the realm of anonymization. The effectiveness of a technique depends on the specific case, context, and the defined objectives of the anonymization process.
  • Appropriate Application: anonymization techniques, whether belonging to the data randomization or generalization families, can be effective when applied appropriately. The appropriateness is determined by aligning the technique with the specific circumstances and goals of the anonymization process.
  • Balancing Anonymization and Data Utility: the challenge lies in achieving the targeted anonymization while still producing useful data. Striking the right balance between privacy protection and data utility is essential for the success of anonymization processes.
  • Residual Risk: importantly, no solution can provide complete anonymization, and there is always a residual risk. Acknowledging and managing this residual risk is a critical aspect of privacy protection strategies.

In summary, the conclusion emphasizes the need for a thoughtful and context-specific approach to anonymization, recognizing that the choice between data randomization and generalization depends on the unique circumstances of each case. Balancing the trade-off between privacy and data utility is an ongoing challenge, and effective anonymization requires a nuanced understanding of the specific goals and constraints in play.

Based on the opinion, the following chart compares the main anonymization techniques based on linkability, inference, and singling out. It is apparent that differential privacy stands out as the sole anonymization technique with the greatest likelihood of mitigating all three risks. It is noteworthy that Art. 29 WP characterizes this as a “MAY not” scenario, emphasizing that differential privacy is a methodology. Consequently, the effectiveness and capabilities of this approach are intricately tied to its specific implementation. It is crucial to recognize that achieving the desired outcomes with differential privacy is neither simple nor straightforward, particularly when relying on publicly available algorithms.

Is Singling out’

still a risk?

Is Linkability

still a risk?

Is Inference still a


Pseudonymisation Yes Yes Yes
Noise Addition Yes May not May not
Substitution Yes Yes May not
Aggregation or K-anonymity No Yes Yes
L-diversity No Yes May not
Differential Privacy May not May not May not
Hashing/Tokenization Yes Yes May not

(source table 6 Opinion 05/2014)

Critiques and Controversies

Evaluation of Art. 29 WP Guidelines and Alternative Perspectives on Differential Privacy

The discussion around Art. 29 WP’s guidelines and the broader landscape of data anonymization reflects the complexities and diverse perspectives within the industry. The critiques range from concerns about stifling innovation due to stringent anonymization requirements to suggestions that the recommendations might not go far enough in safeguarding individual privacy.

In the evolving conversation on data anonymization techniques, there is a growing recognition that achieving a completely risk-free anonymization process is challenging. Therefore, researchers are shifting their focus towards quantifying the residual amount of information that can still be learned even after applying various anonymization techniques. This reframing of the issue moves from determining when data is fully anonymized (addressing singling out, linkability, and inference) to measuring the loss of privacy when data is released.

Differential privacy is gaining prominence as a valuable tool for assessing information disclosure and finding a balanced equilibrium between problem-solving and protecting individual privacy. It is increasingly considered the gold standard in the field of anonymization. Differential privacy stands out by focusing on the process rather than just the result. It considers the guarantees a particular algorithm can provide by continuously measuring the information released through the algorithm itself. 9

The approach of differential privacy, as highlighted by Dwork et al.,10 offers advantages in analyzing data, sharing data, monetizing data, and publishing insights. This shift to process-oriented evaluation provides a more flexible and adaptive framework, contributing to ongoing efforts to strike an optimal balance between data utility and privacy protection.11


In conclusion, differential privacy emerges as a promising approach in the realm of data protection, supported and guided by Art. 29 WP. As organizations confront the complexities of this paradigm, a nuanced grasp of the guidelines becomes paramount. When implemented thoughtfully, differential privacy has the potential to transform the way we reconcile data utility and individual privacy in an increasingly data-centric environment.

As technology continues to progress, the enduring influence of Art. 29 WP on differential privacy remains significant. Stakeholders must remain vigilant, adapting their practices to align with evolving guidelines, ensuring a future that preserves privacy while harnessing the potential of a data-rich landscape.

Real-time Analytics with PVML

PVML allows analysts to dive into real-time, online data without the worry of compromising privacy. This is done with mathematical models and differential privacy to ensure both privacy and practicality. Learn More

1 The Article 29 Working Party (Art. 29 WP) was an independent European Union advisory body on data protection and privacy. The composition and purpose of Art. 29 WP was set out in Article 29 of the Data Protection Directive (Directive 95/46/EC), and it was launched in 1996. It was replaced by the European Data Protection Board (EDPB) on 25 May 2018 in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). Source https://en.wikipedia.org/wiki/Article_29_Data_Protection_Working_Party
2 From Merriam-Webster Dictionary
3 Pseudonymization is defined as “personal data that cannot be attributed to a specific data subject without the use of additional information, as long as such information is kept separately and subject to technical and organizational measures to ensure non attribution.” The European Parliament legislative resolution of 12th March 2014.
4Council of Europe (CoE) 2018 “Handbook on European data protection Law.” Publication Office of the European Union, Luxemburg p.83.
5 Regulation (EU) 2016/679 recital 26.
6 Randomization encompasses a set of methodologies aimed at distorting the accuracy of data to sever the robust connection between the data and the individual. On the other hand, generalization involves broadening or diluting the attributes of data subjects by adjusting their scale or order of magnitude.https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf
7 See Note 5.
8 Singling out refers to the potential capability to isolate specific records or all records within a dataset that uniquely identify an individual. Linkability involves the ability to connect at least two records that relate to the same data subject or a group of data subjects. Inference is the potential to deduce, with significant probability, the value of an attribute based on the values of a set of other attributes. Opinion 05/2014 https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf
9 Katharine Jarmul, Practical Data Privacy, O’Reilly 2023.
10 Dwork et al, The Algorithmic Foundation of Differential Privacy, 2014, Upenn Edu Paper, https://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf
11 See note 12.

Latest blog posts

Explore Our Recent Insights and Updates.

PVML. Data Peace
Of Mind.

Experience the freedom of real-time
analytics and the power of data
sharing, all while ensuring
unparalleled privacy.