PSCL Questionnaires: Anonymous or Not?

In the landscape of corporate mobility management, one of the most debated issues concerns the presumed obligation to anonymize data collected through questionnaires for the preparation of Workplace Travel Plans (PSCL). Let’s clarify this aspect by analyzing the reference regulations and practical implications for Mobility Managers.

What “anonymous data” really means according to GDPR

Before addressing the specific issue of PSCL, it is essential to understand what is meant by “anonymous data” according to the General Data Protection Regulation (GDPR). Recital 26 of the GDPR is crystal clear: data is considered anonymous when it does not refer to an identified or identifiable natural person, or when it has been anonymized in such a way that the data subject is not or is no longer identifiable.

The crucial point is that anonymous data must be irreversibly dissociated from the natural person. Simply removing the name is not enough: if through other elements present in the dataset it is possible to trace back to the person’s identity (even by cross-referencing apparently harmless information), the data cannot be considered anonymous according to the GDPR.

The “minimum information” of Annex 3: a critical analysis

Annex 3 of the ministerial guidelines for drafting PSCL lists the “minimum information necessary to collect” through employee questionnaires. Let’s analyze the compatibility of these requirements with the GDPR definition of anonymous data:

Data required by Annex 3:

• Municipality of residence/domicile and postal code
• Gender and age
• Type of contract and presence at the workplace
• Entry and exit times for each day of the week
• Usual modes of transportation
• Distance traveled and time taken
• Propensity to change towards different forms of sustainable mobility

The combination of these elements - particularly municipality of residence, age, gender, specific times, and transportation modes - creates a profile so detailed that in many companies it would allow easy identification of the employee, especially in contexts with limited staff or specific demographic characteristics.

The information required by Annex 3 can hardly be considered “anonymous” according to the GDPR definition, as their combination can make the data subject identifiable.

The “database” mentioned in the Guidelines: not the questionnaire one

By carefully examining paragraph 3.2 of the Guidelines, a fundamental distinction emerges that is often misunderstood. The document establishes a precise sequence of activities:

1. First phase - Preliminary corporate database: “In order to reconstruct the framework of home-work travel for company locations, it is necessary, preliminarily, to frame the staff in relation to residence and type of company shift work.”

2. Second phase - Employee questionnaire: “To investigate the elements useful for understanding the travel habits and needs of employees, as well as their propensity for change, it is necessary for the corporate mobility manager to carry out also a specific data collection campaign, through an informative questionnaire to be administered to each employee.”

The reference to anonymization in the Guidelines refers specifically to the preliminary corporate database created in the first phase:

“The database disaggregated according to the stated criteria and anonymous as required by privacy protection regulations allows for initial general assessments on the territorial and temporal distribution of the workforce and the possible relationship with existing transport services.”

The preliminary corporate database uses data already available in the company (employee residences and shifts) and is aimed at initial aggregate assessments and precedes the questionnaire phase. The employee questionnaire instead represents additional and specific data collection, aimed at deepening individual habits and propensities. It is not explicitly subject to anonymization requirements and follows the preliminary analysis chronologically.