In this case, the DPA ruled that the anonymization of personal data can be used to meet the law’s data deletion requirement.

however, choose to anonymize additional personal information (last name, first name, and address) so the data could be used in ongoing analytics projects.

And, does the PI actually need to be completely deleted or can some or all of the PI be anonymized?

Additionally, CCPA doesn’t require companies to delete personal data that has been aggregated or “de-identified.” That means if they combine your data with data from other people in a way that obscures which data comes from whom, they’re allowed to keep it.

I've updated ticket description to mangle domain names.

Data minimization, anonymisation and datasecurity are mentioned as possible safeguards.73Anonymisation is the preferred solution as soon asthe purpose of the research can be achieved without the processing of personal data.

When a customer of Analytics requests IP address anonymization, Analytics anonymizes the address as soon as technically feasible at the earliest possible stage of the collection network. The IP anonymization feature in Analytics sets the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses to zeros in memory shortly after being sent to the Analytics Collection Network. For example, an IP address of 12.214.31.144 would be changed to 12.214.31.0 (if the IP address is an IPv6 address, the last 80 of the 128 bits are set to zero). The full IP address is never written to disk in this case.

When applied to metadata or general data about identification, the process is also known as data anonymization.

But whereas pseudonymisation allows anyone with access to the data to view part of the data set, encryption allows only approved users to access the full data set.

In the case of storing the data in log files, this is the case after seven days at the latest. Further storage is possible; in this case, the IP addresses of the users are erased or anonymized, so that an association of the calling client is no longer possible.

Covid-19 is an emergency on such a huge scale that, if anonymity is managed appropriately, internet giants and social media platforms could play a responsible part in helping to build collective crowd intelligence for social good, rather than profit

Article 4 of GPPR defines personal data as any information relating to an identified or identifiable natural person (‘data subject’). The definition not only covers all sorts of online identifiers (eg. networks’ IP address, device ID or cookie identifier) but also the combinations of browser characteristics that fingerprinting relies on (see: Recital 30). And since the information collected using fingerprinting allows you to identify users between sessions, it’s considered personal identifier. Hence, this technique doesn’t meet the data anonymization standards.

Google Analytics created an option to remove the last octet (the last group of 3 numbers) from your visitor’s IP-address. This is called ‘IP Anonymization‘. Although this isn’t complete anonymization, the GDPR demands you use this option if you want to use Analytics without prior consent from your visitors. Some countris (e.g. Germany) demand this setting to be enabled at all times.