Anonymise

The Zeeuws Archief must comply with the provisions of the GDPR and the Archives Act when publishing information. To check whether the information has been properly anonymised, the Zeeuws Archief uses AQL audits. The Zeeuws Archief has collaborated with external partners to anonymise transcripts. However, this collaboration did not result in a successful AQL sample.

The algorithm developed recognises personal names, national insurance numbers and email addresses, and subsequently anonymises them. The process takes place on an internal server accessible only to authorised users. The algorithm has been designed to prioritise the detection of ‘false positives’. This limits the risk of failing to anonymise data. However, it does result in more ‘false negatives’ (too much information is redacted).

The algorithm’s output is checked against a sample before the document is published. If the sample does not meet the required standard, a manual correction is carried out.

The algorithm helps to reduce data breaches resulting from incorrect anonymisation. This has a positive effect on the protection of personal data, and the Zeeuws Archief maintains the highest AQL score.

There is no risk of automated decision-making. The algorithm does not affect fundamental rights, as it does not make decisions that have legal consequences. However, there is a risk that the output is not properly checked. We address this with an AQL audit. If the audit does not yield the highest score, the document will not be published. The risk of non-anonymised data leaving the Archive is reduced because we only use the algorithm internally. The benefits to privacy outweigh the risks of not using this software.

In addition, upon publication, it is stated that anonymisation is an automated process involving the use of AI. Should any errors be found, please contact the reading room.

1. The UAVG (General Data Protection Regulation Implementation Act) is the law that sets out rules on how we handle personal data.

2. The Archives Act deals with the retention of documents and data.

Face recognition is carried out using InsightFace. Recognised faces are rendered unrecognisable.

Personal data is identified using Named Entity Recognition (NER). For this purpose, three open-source models are used in succession. These models can be downloaded from HuggingFace.

Currently, these are:

- xlm-roberta-large-finetuned-conll03-english

- Davlan/bert-base-multilingual-cased-ner-hrl

- iiiorg/piiranha-v1-detect-personal-information

Recognised personal data (name, National Insurance number and email address) are blacked out in the image and replaced with the text ‘[Confidential]’ in the accompanying transcript.

The AQL sample has an inspection level of III and a sampling plan of 1.0