Alex Jameson
I am a senior associate in Bird & Bird’s Privacy and Data Protection Group, based in London. I work with UK and international clients across a variety of sectors on a wide range of data protection and e-privacy issues.
My experience covers all aspects of information law: from the GDPR, to ePrivacy and Freedom of Information. I enjoy finding practical solutions to difficult questions: be that building a data protection compliance programme within a difficult culture, advising on grey spaces like on-device processing and biometrics, or just finding a calm way to manage stressful moments such as security incidents.
I work with all kinds of organisations, but have a particular interest in matters involving AI and new technologies.
Separately, I have particular experience working on HR data and employment-adjacent privacy matters.
Before joining Bird & Bird, I spent over six years at another private practice firm where I advised companies, public sector organisations and international NGOs on data and privacy.
Practice Area
Panel
- Contributing Author
Qualified Year
- 2016
Experience
- Bates Wells (2014 - 2021)
Qualifications
- LPC (2012)
- LLB (2010)
Education
- College of Law (2012)
- University of Hull (2010)
2 Contributions by Alex Jameson
PRACTICE NOTES
Anonymisation and pseudonymisation under the EU GDPR: legal tests, case law, WP29 three risks, techniques, PETs and Schrems II supplementary measures
FORTHCOMING CHANGE:
This Practice Note sets out the law as it presently stands, though some aspects will be affected by the Digital Omnibus proposals issued on 19 November 2025 under the EU Commission’s ‘simplification’ programme. For more detail, see Practice Note: EU Digital Omnibus—tracker. It explores legal and practical issues around anonymisation, pseudonymisation and privacy enhancing technologies (PETs). It outlines what is required for robust anonymisation and pseudonymisation and summarises core techniques available. It further introduces the family of tools referred to as PETs. The analysis is framed by the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR), alongside relevant guidance.
Anonymisation and pseudonymisation
Under the EU GDPR, duties apply to the processing of ‘personal data’, meaning information about a living person who is identified or can be identified. While the EU GDPR provides no explicit definition of ‘anonymous data’, by inference it is data that is no longer personal because it no longer relates to an identified or identifiable person. Effective anonymisation therefore removes data from the scope of the EU GDPR...
EU Law
PRACTICE NOTES
UK GDPR and DPA 2018: Anonymisation, Pseudonymisation and Privacy‑Enhancing Technologies—Legal Tests, ICO Guidance and Practical Techniques
This Practice Note examines the law and practice in relation to anonymisation, pseudonymisation and privacy enhancing technologies (or PETs).
It specifically outlines what constitutes robust anonymisation and pseudonymisation and sets out core methods that can be applied. It further introduces the suite of tools referred to as PETs. It assesses the framework under the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), alongside the UK Data Protection Act 2018 (DPA 2018). Where pertinent to the UK GDPR, EU case law and guidance are taken into account. For information on the position under the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR), see Practice Note: in the EU. On this topic, key differences exist between the UK GDPR regime and the EU GDPR. That said, at a high level the UK GDPR and EU GDPR remain closely aligned. For background on the UK GDPR and how it relates to the EU GDPR, see Practice Note: The UK General Data Protection Regulation (UK GDPR)—Summary of key legislation...
Information Law
If you expected to see yourself on this page, click here.
