Please note: The algorithm descriptions in English have been automatically translated. Errors may have been introduced in this process. For the original descriptions, go to the Dutch version of the Algorithm Register.

Anonymising personal data

The algorithm highlights personal data in documents. A member of staff must review all pages and check that the document has been properly anonymised. The software then removes all highlighted information and redacts it. The documents can then be published, for example in accordance with the Open Government Act (WOO).
Last change on 14th of July 2026, at 6:26 (CET) | Publication Standard 1.0
Publication category
Other algorithms
Impact assessment
Field not filled in.
Status
In use

General information

Theme

Field not filled in.

Begin date

Field not filled in.

Contact information

Datalab@emmen.nl

Responsible use

Goal and impact

The anonymisation software is used to anonymise documents published by the local authority more quickly and effectively. In this way, we prevent data breaches and help to better protect the GDPR rights of data subjects.

Considerations

Local authorities are increasingly required to make information public. For this reason, privacy-sensitive or commercially sensitive information must be redacted. Before the algorithm was introduced, this redaction process did not always go smoothly. Data breaches occurred in which not all personal data had been redacted, or where redacted information could still be read. The advantage of the anonymisation software is that it anonymises data more quickly and effectively. The disadvantage is that the text layer of the document is analysed by a Microsoft Azure server. The content is not stored on this server, meaning that the privacy risk associated with using the algorithm is outweighed by the privacy benefit of reducing the number of data breaches caused by incorrect anonymisation.

Human intervention

The algorithm’s output is checked by a member of staff. The software requires the member of staff to check all pages. The member of staff determines whether the document has been correctly anonymised.

Risk management

There is no risk of automated decision-making and the algorithm has no impact on fundamental rights, as it does not make decisions with legal consequences. It merely makes a proposal for the anonymisation of personal data. The algorithm is also used by the developer themselves, which means that errors are identified quickly. In addition, the algorithm is trained periodically. At our organisation’s request, our documents are not used to train the algorithm. If the algorithm does not perform well enough, we can make adjustments using blacklists and whitelists. A local authority staff member always carries out the final check to ensure that a document has been anonymised correctly. There is a risk that staff may not carry out checks properly; we mitigate this by emphasising the importance of carefully checking the personal data identified by the algorithm. The final remaining risk is the privacy risk associated with the use of Azure. This is because Microsoft may be required to hand over data it processes to the US authorities under the Patriot Act. To limit these risks, the supplier has implemented ‘privacy by default’. Text sent by the API to the Azure service via synchronous or asynchronous calls may be temporarily stored by Azure for debugging purposes. However, the supplier has disabled this option, which reduces the risk. Immediately after processing by Azure, the data and the data processing records are deleted. Furthermore, the supplier is ISO 27001 certified. The risks do not outweigh the privacy benefits and the risk of inadequate anonymisation that would result from not using this software.

Legal basis

1. WOO 2. WDO 3. UAVG 4. WEP 5. WDO

Links to legal bases

  • Woo: https://wetten.overheid.nl/BWBR0045754/
  • WDO: https://eur-lex.europa.eu/legal-content/NL/TXT/HTML/?uri=CELEX:31995L0046
  • UAVG: https://wetten.overheid.nl/BWBR0040940
  • Wep: https://wetten.overheid.nl/BWBR0043961
  • Wdo: https://wetten.overheid.nl/BWBR0048156

Operations

Data

All information contained in the uploaded documents (with the exception of the metadata) is processed by the algorithm. This may include ordinary personal data, special categories of personal data and criminal records. It may also include commercially sensitive information.

Technical design

Documents are uploaded to the application by a member of staff. At that point, a copy of the original is created in the form of a PDF with a text layer, and the metadata from the original document is removed from the copy. This copy is stored on a server in the Netherlands and remains there for a maximum of 30 days. The text layer of the PDF is fed to the machine learning algorithm via an API. This is a Natural Language Processing algorithm (named entity recognition) from Microsoft Azure. The API returns the likely location within the analysed text where personal data may appear, together with a probability score (a percentage). At that point, the text layer is immediately deleted from Azure. The probability score is used in conjunction with the supplier’s own AI models to ensure that the recognition of personal data is as accurate as possible. The models are trained using, amongst others, the following training datasets: CoNLL-2003, UD Dutch LassySmall v2.8, Dutch NER Annotations for UD LassySmall and UD Dutch Alpino v2.8. The minimum performance metrics for the accuracy of identifying personal data are as follows: Named entities (precision): 0.78, Named entities (recall): 0.76, Named entities (F-score): 0.77. Finally, a member of staff checks the document and, once they have finalised it, the data to be anonymised is permanently removed from the text layer and a black bar is inserted.

External provider

xxllnc

Similar algorithm descriptions

  • The algorithm highlights personal data in documents. A member of staff must review all pages and check that the document has been properly anonymised. The software then removes all highlighted information and redacts it. The documents can then be published, for example in accordance with the Open Government Act (Woo).
    Last change on 18th of June 2026, at 12:43 (CET) | Publication Standard 1.0
    Publication category
    Other algorithms
    Impact assessment
    DPIA
    Status
    In use
  • The algorithm underlines personal data in documents. An employee has to review all the pages and check whether the document is properly anonymised. Then the software removes all highlighted information and blacklists it. After that, the documents can be published, for example under the Open Government Act (WOO).
    Last change on 20th of November 2024, at 10:04 (CET) | Publication Standard 1.0
    Publication category
    Other algorithms
    Impact assessment
    Field not filled in.
    Status
    In use
  • The algorithm underlines personal data in documents. An employee has to review all pages and check whether the document is properly anonymised. Then the software removes all highlighted information and blacklists it. After that, the documents can be published, for example under the Open Government Act.
    Last change on 30th of October 2025, at 9:58 (CET) | Publication Standard 1.0
    Publication category
    Other algorithms
    Impact assessment
    DPIA
    Status
    Out of use
  • The algorithm underlines personal data in documents. An employee has to review all pages and check whether the document is properly anonymised. Then the software removes all highlighted information and blacklists it. After that, the documents can be published, for example under the Open Government Act.
    Last change on 4th of July 2024, at 10:21 (CET) | Publication Standard 1.0
    Publication category
    Other algorithms
    Impact assessment
    DEDA, DPIA
    Status
    In use
  • The algorithm underlines personal data in documents. An employee has to review all pages and check whether the document is properly anonymised. Then the software removes all highlighted information and blacklists it. After that, the documents can be published, for example under the Open Government Act (WOO).
    Last change on 10th of April 2025, at 13:25 (CET) | Publication Standard 1.0
    Publication category
    Other algorithms
    Impact assessment
    DPIA
    Status
    In use