Anonymise

The anonymisation software is used to give substance to transparency on the one hand and the necessary protection of the individuals and companies to whom documents relate on the other.

The alternative is manually filing away personal data. That takes too many hours and is less accurate. Increasingly, the municipality has to make information public. Therefore, privacy- or business-sensitive information has to be masked out. Before the algorithm was deployed,anonymisation did not always go correctly. Individuals had their own working methods, so it was not always done adequately and the texts were often still searchable.

The outcome of the algorithm is checked by an employee. The clerk is required by the software to check all pages. The clerk determines whether the document is correctly anonymised.

There is no risk of automated decision-making and the algorithm has no impact on fundamental rights because the algorithm does not make decisions with legal consequences. It only suggests anonymising personal data. The algorithm is also used by the developer himself, so errors are quickly found. In addition, the algorithm is trained periodically. If the algorithm does not work well enough, we can make adjustments with black- and whitelists. The municipality's employee always does the final check whether a document is correctly anonymised. There is a risk that employees do not check properly; we mitigate this by paying attention to the importance of carefully checking the personal data found by the algorithm.

Open Government Act and the AVG

All information found in the uploaded documents (except metadata) is processed by the algorithm. This may include ordinary personal data, special personal data and criminal data. It may also include business-sensitive information.

Documents are uploaded to the application by an employee. At that point, a copy is made of the original in the form of a PDF with text layer and the metadata of the original document is removed from the copy. This copy ends up on a Dutch server and remains there for a maximum of 30 days. The text layer of the PDF is offered to the machine learning algorithm through an API. This is a Natural Language Processing algorithm (named entity recognition) from Microsoft Azure. The API returns at which location in the analysed texts a personal data is likely to occur, along with the probability score (a percentage). At that point, Azure immediately removes the text layer. The probability score is used along with vendor-developed proprietary ai models to make the recognition of personal data as accurate as possible. The models are trained using, among others, the following trained datasets as CoNLL-2003, UD Dutch LassySmall v2.8, Dutch NER Annotations for UD LassySmall and UD Dutch Alpino v2.8. Minimum key figures for the accuracy of identifying personal data are as follows: Named entities (precision): 0.78, Named entities (recall): 0.76, Named entities (F-score): 0.77. Finally, a staff member checks the document and when it completes the document, the data to be anonymised is permanently removed from the text layer and a black bar is placed.