Please note: The algorithm descriptions in English have been automatically translated. Errors may have been introduced in this process. For the original descriptions, go to the Dutch version of the Algorithm Register.
Anonymise
- Publication category: Other algorithms
- Impact assessment: DPIA
- Status: In use
General information
Theme
Begin date
Contact information
Responsible use
Goal and impact
The anonymisation software helps the local authority to protect documents more quickly and effectively. This helps us prevent data breaches. In addition, we ensure better protection of people’s rights under the GDPR.
Considerations
The local authority has to publish information more and more often, which means sensitive information must be redacted more often too. Before the algorithm was introduced, redaction was sometimes carried out incorrectly. Data breaches can occur if personal data is not fully redacted or if redacted information remains visible. The software enables faster and more effective anonymisation.
Human intervention
Risk management
There is no risk of automated decision-making, and the algorithm has no impact on fundamental rights, as it does not make decisions with legal consequences. It merely proposes which personal data to anonymise. If the algorithm does not work well enough, we can make adjustments using whitelists and blacklists.
A local authority employee always carries out the final check to ensure that a document has been properly anonymised. There is a risk that staff may not carry out this check properly; we mitigate this by emphasising the importance of thoroughly checking the personal data identified.
The final remaining risk is the privacy risk associated with Microsoft Azure: Microsoft may be obliged to hand over data it processes to the US authorities under the so-called Patriot Act. To mitigate this risk, the supplier has implemented ‘privacy by default’: immediately after processing, the data and the data processing records are deleted. Furthermore, the supplier is ISO 27001 certified. These risks do not outweigh the privacy benefits of the software, nor the risk of inadequate anonymisation that would arise without it.
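The adjustment with whitelists and blacklists mentioned above can be pictured with a minimal Python sketch. It is not the supplier's implementation. The function name `adjust_proposal` and the list semantics are assumptions made for illustration: a whitelisted term is never proposed for redaction, and a blacklisted term is always proposed when it occurs in the text.

```python
def adjust_proposal(text, detected_terms, whitelist, blacklist):
    """Return the sorted terms to propose for redaction (hypothetical helper).

    Assumed semantics, not confirmed by the source:
    - whitelist: terms that are never proposed, even if detected
    - blacklist: terms that are always proposed when they occur in the text
    Matching is case-insensitive. A term on both lists is still proposed,
    because the blacklist is applied last.
    """
    allowed = {term.casefold() for term in whitelist}
    # Drop detections that staff have marked as safe to publish.
    proposal = {term for term in detected_terms if term.casefold() not in allowed}
    # Add terms the detector missed but that must always be redacted.
    lowered = text.casefold()
    proposal |= {term for term in blacklist if term.casefold() in lowered}
    return sorted(proposal)
```

For example, with detected terms "J. Bakker" and "Town Hall", a whitelist containing "Town Hall" and a blacklist containing a case number that appears in the text, the proposal would contain the case number and "J. Bakker" but not "Town Hall". The result remains a proposal only; a member of staff still carries out the final check.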
Legal basis
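1. Open Government Act (Wet open overheid, Woo).
2. Digital Government Act (Wet digitale overheid, WDO).
3. GDPR Implementation Act (Uitvoeringswet AVG, UAVG).
4. Electronic Publications Act (Wet elektronische publicaties, WEP).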
Impact assessment
Operations
Data
All information contained in the uploaded documents is processed by the algorithm (with the exception of metadata). This may include ordinary personal data, special categories of personal data or criminal records. It may also include commercially sensitive information. Immediately after processing, the data and the data processing records are deleted.
Technical design
Documents are uploaded to the application by a member of staff. On upload, a copy of the original is created as a PDF with a text layer, and the metadata of the original document is removed from the copy. This copy is stored on a Dutch server for a maximum of 30 days. The text layer of the PDF is sent via an API to a Natural Language Processing (NLP) algorithm from Microsoft Azure. The API returns the locations in the analysed text where personal data is likely to occur, each with a probability score (a percentage). The text layer is then immediately deleted from Azure. The probability score is combined with the supplier’s own AI models to make the recognition of personal data as accurate as possible.
Finally, a member of staff checks the document and, once they have completed this, the data to be anonymised is permanently removed from the text layer and a black bar is inserted.
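The flow described above, from scored locations to black bars, can be sketched in Python as follows. This is an illustration under stated assumptions, not the supplier's code or the Azure API. The `Detection` record, the function names and the 0.5 threshold are hypothetical, and the sketch works on plain text rather than on a PDF text layer.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    """One suspected piece of personal data (hypothetical record shape)."""
    start: int    # character offset in the text layer
    length: int   # number of characters
    score: float  # probability between 0.0 and 1.0


def propose_redactions(detections, threshold=0.5):
    """Keep detections scoring at or above the threshold (an assumed cut-off)
    and merge overlapping ones into sorted (start, end) spans."""
    spans = sorted(
        (d.start, d.start + d.length) for d in detections if d.score >= threshold
    )
    merged = []
    for start, end in spans:
        if merged and start <= merged[-1][1]:
            # Overlaps or touches the previous span: extend it.
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def apply_redactions(text, approved_spans, bar="█"):
    """Replace every approved span with bar characters of the same length,
    so the original characters no longer exist in the output."""
    parts = []
    cursor = 0
    for start, end in approved_spans:
        parts.append(text[cursor:start])
        parts.append(bar * (end - start))
        cursor = end
    parts.append(text[cursor:])
    return "".join(parts)
```

In this sketch the human check sits between the two functions: `propose_redactions` only produces a proposal, and a member of staff would add or remove spans before `apply_redactions` is called with the approved list. Replacing the characters, rather than drawing a bar over them, mirrors the requirement that the data is permanently removed from the text layer.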
External provider
Similar algorithm descriptions
- The algorithm underlines personal data in documents. An employee has to review all pages and check whether the document is properly anonymised. The software then removes all highlighted information and blacks it out. After that, the documents can be published, for example under the Open Government Act (Woo).
Last change on 10th of April 2025, at 13:25 (CET) | Publication Standard 1.0
- Publication category: Other algorithms
- Impact assessment: DPIA
- Status: In use
- The algorithm underlines personal data in documents. An employee has to review all pages and check whether the document is properly anonymised. The software then removes all highlighted information and blacks it out. After that, the documents can be published, for example under the Open Government Act (Woo).
Last change on 8th of January 2025, at 13:06 (CET) | Publication Standard 1.0
- Publication category: Other algorithms
- Impact assessment: DPIA
- Status: In use
- The algorithm underlines personal data in documents. An employee has to review all pages and check whether the document is properly anonymised. The software then removes all highlighted information and blacks it out. After that, the documents can be published, for example under the Open Government Act (Woo).
Last change on 3rd of February 2026, at 8:12 (CET) | Publication Standard 1.0
- Publication category: Other algorithms
- Impact assessment: Field not filled in.
- Status: In use
- The algorithm underlines personal data in documents. An employee has to review all pages and check whether the document is properly anonymised. The software then removes all highlighted information and blacks it out. After that, the documents can be published, for example under the Open Government Act (Woo).
Last change on 30th of October 2025, at 9:49 (CET) | Publication Standard 1.0
- Publication category: Other algorithms
- Impact assessment: DPIA
- Status: In use
- The algorithm underlines personal data in documents. An employee has to review all pages and check whether the document is properly anonymised. The software then removes all highlighted information and blacks it out. After that, the documents can be published, for example under the Open Government Act (Woo).
Last change on 27th of May 2026, at 7:22 (CET) | Publication Standard 1.0
- Publication category: Other algorithms
- Impact assessment: DEDA, DPIA
- Status: Out of use