Anonymization

Images are rich and complex because they contain multiple visual cues, such as faces, political symbols, or indications of health status. The main challenge of anonymization is therefore to protect the identities of depicted individuals and research participants without undermining key research insights or compromising legal and ethical compliance  

From a legal and ethical standpoint, it is important to identify and define the most appropriate anonymization technique at the very beginning of the project, i.e., in the conceptual phase. Deleting, anonymizing, or pseudonymizing data entails very different compliance steps. Therefore, when thinking about whether to anonymize, pseudo-anonymize or not anonymize at all, ask yourself the following questions since the beginning of the research:

Legal issues Ethical issues

Data minimization:  

  • What kind of personal data do you need to reach the purposes of your research? 
  • How many participants are involved in the project? 

Minimizing harm:  

  • Are you confident that you can avoid or reduce potential participants’ risks associated with the images you are using and analyzing? 
  • Can you effectively safeguard the dignity, safety, and privacy of your participants, without exposing identities, cultural contexts, or sensitive information? 

Minimizing harm:  

  • Are you confident that you can avoid or reduce potential participants’ risks associated with the images you are using and analyzing? 
  • Can you effectively safeguard the dignity, safety, and privacy of your participants, without exposing identities, cultural contexts, or sensitive information? 

Data retention: 

  • For how long do you need to keep the raw data for your research purposes? 
  • When can anonymization be applied to the data? 

Research approaches:  

Attention: anonymization is not the default. It depends on the research approaches you are using. 

  • Does the research approach you are using allow the anonymization of the data you are collecting? 
  • Are you aware that different research approaches require different ways of anonymizing data, which are often complex and difficult to implement? 

Data security: 

  • Where do you keep the raw data (local servers, cloud-based repositories)? 
  • Are you planning to create one or more backup copy(ies) of the raw data? 
  • Which anonymization technique is most suitable for the raw data? 

Financial issues are to be considered at this stage. 

  

Transparency: 

  • Have you considered how and when to inform participants that their data will be deleted, anonymized, or pseudonymized? 
  • Have you created a communication channel with participants for any issues related to their right to access their data or their right to be informed about the processing of personal data? 
  

External technical solutions: 

  • Are you considering pseudonymizing or anonymizing data with the support of any third party (e.g., a software provider)? If so, check whether its terms and conditions align with the anonymization technique you intend to adopt and with other legal and ethical principles. 

Define the respective privacy roles. 

  

Privacy risk assessment: 

  • Is the pseudonymization or anonymization technique you would like to adopt aligned with the privacy risk degree you assessed? 
  • Can you envisage any positive or negative impact on the risk assessed? 
  

Once you have answered these questions, you can determine whether the data should be anonymized, pseudonymized, deleted, or not anonymized at all. If you decide to anonymize the data, the anonymization technique must already be identified at this stage, as it needs to be specified in the Data Management Plan.

Traditional ways of anonymizing images include pixelation, facial blurring techniques, cropping, using black-out-bars (black masking), ethical fabrication, or AI replicas. Not all techniques are adequate for all contexts and often need to be further refined, ideally during the research design phase.Decisions may need to be adjusted in light of reviewers’ comments and the guidance of the ethics review board. If you consider future open data practices, will the resulting anonymized visual data still be usable?  

For more information on the techniques, click on this link [link che riporta alla spiegazione delle tecniche che abbiamo messo nell’empirical phase] 

 Before concluding this phase, it is worth considering copyright issues and the degree of openness we would grant to the dataset. You will better define your decision later in the Archiving & Preservation Phase. (aggiungere link al pallino copyright della fase descritta)