Compliance with Legal Requirements for Data Privacy: A Study on Anonymization Techniques
Abstract
The protection of personal data has become a central topic in software development, especially with the implementation of the General Data Protection Law (LGPD) in Brazil and the General Data Protection Regulation (GDPR) in the European Union. With the enforcement of these laws, certain software quality criteria have become mandatory, such as data anonymization, which is one of the main aspects addressed by these regulations. The aim of this article is to analyze data anonymization techniques and assess their effectiveness in ensuring compliance with legal requirements and the utility of the data for its intended purpose. Techniques such as aggregation, generalization, perturbation, and k-anonymity were investigated and applied to datasets containing personal and sensitive data. The analysis revealed significant variations in the effectiveness of each method, highlighting the need to balance privacy and data utility.References
Baez, J. C., Fritz, T., and Leinster, T. (2011). A characterization of entropy in terms of information loss. Entropy, 13(11):1945–1957.
Brasil (2018). Lei nº 13.709, de 14 de agosto de 2018. lei geral de proteção de dados pessoais (lgpd). Disponível em: [link]. Acesso em: 12 fev. 2025.
Ciriani, V., De Capitani di Vimercati, S., Foresti, S., and Samarati, P. (2009). Theory of privacy and anonymity. Disponível em: [link]. Acesso em: 18 nov. 2024.
Ghinita, G., Karras, P., Kalnis, P., and Mamoulis, N. (2007). Fast data anonymization with low information loss. In Proceedings of the VLDB Endowment (VLDB), pages 758–769, Vienna, Austria. ACM.
Kateifides, A., Bates, J., Papageorgiou, N., Ramsey, R., van der Geest, B., Marini, A., Arguinarena, P., and Ashcroft, V. (2020). Comparing privacy laws: GDPR vs. LGPD. OneTrust DataGuidance.
Li, T. and Li, N. (2014). Publicação de dados com privacidade preservada: Uma abordagem baseada em slicing. arXiv preprint.
Liew, C. K., Choi, U. J., and Liew, C. J. (1985). A data distortion by probability distribution. ACM Transactions on Database Systems (TODS), 10(3):395–411.
Maldonado, V. N. and Blum, R. O. (2020). LGPD Lei Geral de Proteção de Dados comentada. Thomson Reuters Brasil, 2 edition.
Marques, J. F. and Bernardino, J. (2020). Analysis of data anonymization techniques. In KEOD, pages 235–241.
Martin, B. (2020). GDPR for startups and scaleups: a practical guide. Library.
Mogre, N. V., Agarwal, G., and Patil, P. (2012). A review on data anonymization technique for data publishing. International Journal of Engineering Research & Technology (IJERT), 1(10):2278–0181.
Muntés-Mulero, V. and Nin, J. (2009). Privacy and anonymization for very large datasets. In Proceedings of the 18th ACM conference on Information and knowledge management, pages 2117–2118.
Ramos, F. (2019). Técnicas de Anonimização de Dados: Aplicações Práticas e Teóricas.
Ramos, F. and Oliveira, S. (2018). Manual Prático de Anonimização de Dados de Pesquisa com o R.
Ramos, F. and Oliveira, S. (2020). Anonimização e Dado: Fundamentos e Práticas.
Rana, M. E., Jayabalan, M., and Aasif, M. A. (2016). Privacy preserving anonymization techniques for patient data: An overview. In Third International Congress on Technology, Communication and Knowledge (ICTCK 2016).
Ranjan, A. and Ranjan, P. (2016). Two-phase entropy based approach to big data anonymization. In 2016 International Conference on Computing, Communication and Automation (ICCCA), pages 76–81. IEEE.
Sáinz-Pardo Díaz, J. and López García, Á. (2022). A python library to check the level of anonymity of a dataset. sci data 9.
Samarati, P. and Sweeney, L. (1998). Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression.
Senigaglia, R. et al. (2020). Privacidade e proteção de dados em serviços de software. In Services and Business Process Reengineering.
Smith, J. and Chang, E. (2021). Anonimização e Dados: Abordagens e Técnicas.
Union, E. (2016). Regulation (eu) 2016/679 of the european parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (general data protection regulation). Available at: [link]. Accessed: 12 Feb. 2025.
Xu, Q. (2007). Measuring information content from observations for data assimilation: relative entropy versus shannon entropy difference. Tellus A: Dynamic Meteorology and Oceanography, 59(2):198–209.
Brasil (2018). Lei nº 13.709, de 14 de agosto de 2018. lei geral de proteção de dados pessoais (lgpd). Disponível em: [link]. Acesso em: 12 fev. 2025.
Ciriani, V., De Capitani di Vimercati, S., Foresti, S., and Samarati, P. (2009). Theory of privacy and anonymity. Disponível em: [link]. Acesso em: 18 nov. 2024.
Ghinita, G., Karras, P., Kalnis, P., and Mamoulis, N. (2007). Fast data anonymization with low information loss. In Proceedings of the VLDB Endowment (VLDB), pages 758–769, Vienna, Austria. ACM.
Kateifides, A., Bates, J., Papageorgiou, N., Ramsey, R., van der Geest, B., Marini, A., Arguinarena, P., and Ashcroft, V. (2020). Comparing privacy laws: GDPR vs. LGPD. OneTrust DataGuidance.
Li, T. and Li, N. (2014). Publicação de dados com privacidade preservada: Uma abordagem baseada em slicing. arXiv preprint.
Liew, C. K., Choi, U. J., and Liew, C. J. (1985). A data distortion by probability distribution. ACM Transactions on Database Systems (TODS), 10(3):395–411.
Maldonado, V. N. and Blum, R. O. (2020). LGPD Lei Geral de Proteção de Dados comentada. Thomson Reuters Brasil, 2 edition.
Marques, J. F. and Bernardino, J. (2020). Analysis of data anonymization techniques. In KEOD, pages 235–241.
Martin, B. (2020). GDPR for startups and scaleups: a practical guide. Library.
Mogre, N. V., Agarwal, G., and Patil, P. (2012). A review on data anonymization technique for data publishing. International Journal of Engineering Research & Technology (IJERT), 1(10):2278–0181.
Muntés-Mulero, V. and Nin, J. (2009). Privacy and anonymization for very large datasets. In Proceedings of the 18th ACM conference on Information and knowledge management, pages 2117–2118.
Ramos, F. (2019). Técnicas de Anonimização de Dados: Aplicações Práticas e Teóricas.
Ramos, F. and Oliveira, S. (2018). Manual Prático de Anonimização de Dados de Pesquisa com o R.
Ramos, F. and Oliveira, S. (2020). Anonimização e Dado: Fundamentos e Práticas.
Rana, M. E., Jayabalan, M., and Aasif, M. A. (2016). Privacy preserving anonymization techniques for patient data: An overview. In Third International Congress on Technology, Communication and Knowledge (ICTCK 2016).
Ranjan, A. and Ranjan, P. (2016). Two-phase entropy based approach to big data anonymization. In 2016 International Conference on Computing, Communication and Automation (ICCCA), pages 76–81. IEEE.
Sáinz-Pardo Díaz, J. and López García, Á. (2022). A python library to check the level of anonymity of a dataset. sci data 9.
Samarati, P. and Sweeney, L. (1998). Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression.
Senigaglia, R. et al. (2020). Privacidade e proteção de dados em serviços de software. In Services and Business Process Reengineering.
Smith, J. and Chang, E. (2021). Anonimização e Dados: Abordagens e Técnicas.
Union, E. (2016). Regulation (eu) 2016/679 of the european parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (general data protection regulation). Available at: [link]. Accessed: 12 Feb. 2025.
Xu, Q. (2007). Measuring information content from observations for data assimilation: relative entropy versus shannon entropy difference. Tellus A: Dynamic Meteorology and Oceanography, 59(2):198–209.
Published
2025-07-20
How to Cite
MENOLLI, André; NUNES, Luiz Fernando; COLETI, Thiago A..
Compliance with Legal Requirements for Data Privacy: A Study on Anonymization Techniques. In: PROCEEDINGS OF WORKSHOP ON SOCIAL, HUMAN AND ECONOMIC ASPECTS OF SOFTWARE (WASHES), 10. , 2025, Maceió/AL.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 60-71.
ISSN 2763-874X.
DOI: https://doi.org/10.5753/washes.2025.8180.
