Anonymisation software

The anonymisation software is used to anonymise documents published by the municipality faster and better. In this way, we prevent data leaks and contribute to better protection of data subjects' AVG rights.

The municipality increasingly has to disclose information. Therefore, privacy- or business-sensitive information has to be lacquered out. Before the algorithm was deployed, this deleting did not always go well. There were data leaks where not all personal data was deleted or where deleted information could still be read. The advantage of anonymisation software is that anonymisation is faster and better. The disadvantage is that the text layer of the document is analysed by a Microsoft Azure server. The content is not stored on this server, so the privacy risk of using the algorithm does not outweigh the privacy benefit of reducing the number of data breaches due to improper anonymisation.

The outcome of the algorithm is checked by an employee. The clerk is required by the software to check all pages. The clerk determines whether the document is correctly anonymised.

There is no risk of automated decision-making and the algorithm has no impact on fundamental rights because the algorithm does not make decisions with legal consequences. It only suggests anonymising personal data. The algorithm is also used by the developer himself, so errors are quickly found. In addition, the algorithm is trained periodically. At the request of our organisation, our documents are not used to train the algorithm. If the algorithm does not work well enough, we can make adjustments with black- and whitelists. The municipality's employee always does the final check whether a document is correctly anonymised. There is a risk that employees do not check properly; we mitigate this by paying attention to the importance of carefully checking the personal data found by the algorithm. The last remaining risk is the privacy risk of using Azure. Because Microsoft may be required to hand over data it processes to US authorities because of the Patriot Act. To mitigate these risks, the vendor has implemented privacy by default. Text sent by the API in synchronous or asynchronous calls to the Azure service may be temporarily stored by Azure for debugging. But the vendor has disabled this option. This limits the risk. Immediately after being processed by Azure, the data and data processing is deleted. Furthermore, the supplier is ISO 27001 certified. The risks do not outweigh the privacy benefits and the risk of poor anonymisation by not using this software.

1. WOO 2. WCO 3. UAVG 4. WEP 5. WDO

All information found in the uploaded documents (except metadata) is processed by the algorithm. This may include ordinary personal data, special personal data and criminal data. It may also include business-sensitive information.

Documents are uploaded to the application by an employee. At that point, a copy is made of the original in the form of a PDF with text layer and the metadata of the original document is removed from the copy. This copy ends up on a Dutch server and remains there for a maximum of 30 days. The text layer of the PDF is offered to the machine learning algorithm through an API. This is a Natural Language Processing algorithm (named entity recognition) from Microsoft Azure. The API returns at which location in the analysed texts a personal data is likely to occur, along with the probability score (a percentage). At that point, Azure immediately removes the text layer. The probability score is used along with vendor-developed proprietary ai models to make the recognition of personal data as accurate as possible. The models are trained using, among others, the following trained datasets as CoNLL-2003, UD Dutch LassySmall v2.8, Dutch NER Annotations for UD LassySmall and UD Dutch Alpino v2.8. Minimum key figures for the accuracy of identifying personal data are as follows: Named entities (precision): 0.78, Named entities (recall): 0.76, Named entities (F-score): 0.77.Finally, a staff member checks the document and when it completes the document, the data to be anonymised is permanently removed from the text layer and a black bar is placed.