Anonymisation software DataMask

The anonymisation software is used to anonymise documents published by the province faster and better. This way, we prevent data leaks and contribute to better protection of data subjects' AVG rights.

Province of Gelderland increasingly needs to disclose information. To comply with - among other things - privacy laws when publishing, privacy- or business-sensitive information must be lacquered out. Before the algorithm was deployed, this deleting did not always go well. There were data breaches where not all personal data was deleted or where deleted information could still be read. The advantage of anonymisation software is that anonymisation is faster and better. The disadvantage is that the text layer of the document is analysed by a Microsoft Azure server. The content is not stored on this server, so the privacy risk of using the algorithm does not outweigh the privacy benefit of reducing the number of data breaches due to improper anonymisation.

The outcome of the algorithm is checked by an employee. The clerk is required by the software to check all pages. The clerk determines whether the document is correctly anonymised.

1. WOO 2. WCO 3. UAVG 4. WEP 5. WDO

DEDA & DPIA conducted by DataMask. Pre-DPIA conducted by province of Gelderland. ICO Wizard requested by province of Gelderland, completed by DataMask.

All information found in the uploaded documents (except metadata) is processed by the algorithm. This may include ordinary personal data, special personal data and criminal data. It may also include business-sensitive information.

Documents are uploaded to the application by an employee. At that point, a (temporary) copy is made of the original in the form of a PDF with text layer and the metadata of the original document is removed from the copy. This copy ends up on a Dutch server and remains there for a maximum of 30 days. The text layer of the PDF is offered to the machine learning algorithm through an API. This is a Natural Language Processing algorithm (named entity recognition) from Microsoft Azure. The API returns at which location in the analysed texts a personal data is likely to occur, along with the probability score (a percentage). At that point, Azure immediately removes the text layer. The probability score is used along with vendor-developed proprietary ai models to make the recognition of personal data as accurate as possible. The models are trained using, among others, the following trained datasets as CoNLL-2003, UD Dutch LassySmall v2.8, Dutch NER Annotations for UD LassySmall and UD Dutch Alpino v2.8. Minimum key figures for the accuracy of identifying personal data are as follows: Named entities (precision): 0.78, Named entities (recall): 0.76, Named entities (F-score): 0.77. Finally, a staff member checks the document and when it is finalised, the data to be anonymised is permanently removed from the text layer and is blacklisted.