This paper proposes a pragmatic exploration to facilitate the categorisation of personal data as anonymous, quasi-anonymous, or pseudonymous, emphasising contextualised threat modelling and proportionality over binary thresholds. Using an integrated legal analysis and system-level threat model, we map legal criteria to design features and assess whether a privacy-preserving system like DROPS can credibly achieve anonymisation under the GDPR. This allows us to evaluate the discrepancy between the technical realities of maximising anonymisation techniques and the requirements for anonymisation stipulated by the EU data protection law corpus. The distinguishing feature of this paper is its grounding of the legal analysis in the technical architecture, thereby bridging the gap between abstract regulation and system-level design. This demonstration has the potential to serve as a model for enhancing data protection measures, particularly for entities that handle high-risk or otherwise sensitive data, and as a basis for regulators to issue new concrete guidance on anonymisation.
Maltzan et al. studied this question.