Practical guide · GDPR

Anonymisation in the public sector: transparency, rulings and open data

8 min read

Anonymisation in the public sector sits at the friction between two duties: transparency laws push you to publish, while the GDPR requires you to protect personal data. In 2026, with transparency portals, open data and open case law, proper anonymisation is no longer optional.

What triggers the duty to anonymise

  • National transparency laws: publication must not affect third-party rights.
  • GDPR (Arts. 5, 6, 25): minimisation and data protection by design.
  • Directive (EU) 2019/1024 on the reuse of public sector information (open data).
  • Guidance from data protection and transparency authorities on active publication and access rights.

Typical use cases

Court rulings and administrative decisions

Must be published with names, IDs, addresses, licence plates and data on minors and health redacted. Courts use initials or aliases, but traces often remain in the body.

Minutes of council and board meetings

Published on municipal portals. Statements revealing personal data of third parties who are not public officials must be removed.

Contracts and case files

Active publicity requires transparency but must not expose personal data of workers, bidders or suppliers beyond what is strictly necessary.

Open datasets

Health, social and education statistics. Require re-identification assessment against external sources before publication.

Justice and case law portals

High volumes that manual anonymisation cannot sustain without delaying publication.

Best practices

  1. Formal anonymisation policy approved by the DPO, with per-document criteria.
  2. Catalogue of personal data to remove by document type (ruling, contract, minute, grant).
  3. Anonymisation by design: apply before uploading to the portal, not after a complaint.
  4. Human review on top of AI detection when the impact is high (minors, health, gender violence).
  5. Auditable log: what was anonymised, who approved, with which model version.
  6. Re-identification assessment for datasets, cross-referenced with public sources.
  7. Training for portal managers and legal counsel.

Typical mistakes in public bodies

  • Publishing scanned PDFs without OCR: they look anonymised but the name is still in the image.
  • Confusing visual redaction with anonymisation.
  • Redacting the official's name while leaving their signature or user code visible.
  • Publishing both an anonymised and a non-anonymised version of the same document.
  • Automating without a review step for sensitive documents.

How anonimIA helps public bodies

anonimIA is designed for the public sector: automated detection of personal data in rulings, minutes, contracts and case files; real deletion on the text layer; an exportable auditable log; and EU hosting with data sovereignty. The result is publication in minutes rather than days, and a defensible trail before data protection authorities.

Conclusion

Transparency and data protection are not opposites: they demand clear processes, the right tools and traceability. Proper anonymisation lets the public sector publish without fear and protect people without giving up the right of access to information.

Do you anonymise documents daily?

Stop redacting by hand. Automate it with anonimIA.

Upload your PDFs and get GDPR-compliant anonymised documents in seconds.

Try it free