13. Does applying privacy-enhancing technologies to achieve anonymisation or pseudonymisation result in derived or inferred data?

No. As explained in Recital 8, pseudonymisation and encryption play an important role in the implementation of the Data Act. Pseudonymisation or anonymisation of personal data can be achieved by applying privacy enhancing technologies (PETs). It cannot be concluded that data resulting from applying PETs should be treated as inferred or derived data solely due to the application of these technologies. As made clear in Recital 15, the protection to data holders’ inferred or derived data is intended to safeguard “additional investments into assigning values or insights from the data”. PETs are investments that are made for the purpose of being able to analyse data while protecting privacy and not to assign values or derive insights. Anonymisation or pseudonymisation can be relevant, for instance, when the data holder must respond to a request under Article 4 or 5, and the requesting user is not the data subject, or there are several data subjects who may all be users of the same connected product (e.g. a rented car). In such situations, applying PETs can assist with ensuing compliance with the GDPR.