Skip to content

Is Synthetic Data GDPR-Exempt? The Re-Identification Test

Sotiris SpyrouUpdated on

Share this article

LinkedInXEmail
Is Synthetic Data GDPR-Exempt? The Re-Identification Test

Synthetic data isn't automatically outside GDPR. It falls outside the regulation only when the risk of re-identifying a real person is remote. Generate it from personal data and keep that risk low, and you're handling anonymous information. Get it wrong, and you're still processing personal data, with every GDPR duty attached. That single test, not the "synthetic" label, decides whether your data protection obligations apply.

This matters because "synthetic" gets used as a magic word. A vendor says the dataset is artificial, so privacy law no longer bites. Regulators don't accept that, and neither should you.

Is synthetic data personal data under GDPR?

It depends on whether anyone can realistically identify a real individual from it.

GDPR only applies to personal data. Recital 26 says the principles of data protection don't apply to anonymous information, meaning data rendered anonymous so that the data subject "is not or no longer identifiable." To decide if someone is identifiable, you take account of "all the means reasonably likely to be used" to single them out, by you or anyone else, weighing the cost, time and available technology.

So the question is never "is this dataset synthetic?" It's "could a motivated person realistically pick out a real individual from it?" If yes, it's personal data. If the risk is remote, it isn't.

Synthetic data is generated by a model that learns the patterns of a real source dataset, then produces new records that mimic those patterns. The records are artificial. The patterns are not. A model trained on real people can carry traces of those people forward, and that's where re-identification risk lives.

The UK's ICO guidance on anonymisation and pseudonymisation, updated 28 March 2025, treats synthetic data as a privacy-enhancing technology, not a guaranteed exit from GDPR. The ICO is blunt that a privacy-enhancing technology is no silver bullet. Using one doesn't remove your duty to protect any personal data still in play.

When does synthetic data still count as personal data?

When a real person can be singled out, linked, or have an attribute inferred about them.

The Article 29 Working Party Opinion 05/2014 on anonymisation techniques sets the three risks every anonymisation claim has to survive. They apply directly to synthetic data:

Risk What it means How it shows up in synthetic data
Singling out Isolating one record that maps to one real person A rare combination of traits (age, postcode, condition) reproduced almost exactly
Linkability Matching records across two datasets to the same person Synthetic records that join cleanly back to an external source
Inference Deducing an attribute about someone with high confidence A model that reveals a sensitive trait correlates with others it was trained on

Clear any of those badly and the data is still personal data. The opinion is explicit that identification isn't just recovering a name or address. Singling out, linkability and inference all count.

High-fidelity synthetic data is the trap. The closer it mirrors the source, the more useful it is, and the more re-identification risk it carries. There's a real tension between utility and privacy here, and pretending otherwise is how organisations talk themselves into a breach.

Can someone really re-identify a person from synthetic data?

Yes, and there's a body of peer-reviewed work showing how.

The main attack is membership inference: working out whether a specific real person's record was in the training data. Researchers have shown this works against synthetic data by detecting where a generative model has overfitted to, in effect memorised, unusual records (Membership Inference Attacks against Synthetic Data through Overfitting Detection, 2023). Rare and outlier records are the most exposed, exactly the records about vulnerable people you most need to protect.

The European Data Protection Board's Opinion 28/2024 on AI models, adopted 18 December 2024, sets the bar for calling an AI model anonymous. It must be very unlikely both to identify individuals whose data trained the model, and to extract their personal data through queries. The EDPB wants the likelihood of identification through "all means" to be negligible, and says each case gets assessed on its facts.

That's a high bar, and it's the right one to borrow for synthetic data. If a clever attacker with the synthetic dataset could pull a real person back out, you never anonymised anything. You just relabelled it.

How do you use synthetic data compliantly?

Treat the generation step as personal data processing, then prove the output is anonymous before you rely on it.

Two phases, two sets of duties.

Generating the data. Building synthetic data from a real dataset is itself processing of personal data. The ICO is clear you need a lawful basis to collect and use the source data for that purpose, and you have to be transparent with people that their data is being used this way. Privacy obligations don't pause while the model trains.

Releasing the data. Before you treat the output as anonymous, test it. A practical checklist:

  • Run the three Article 29 tests. Can you single out, link, or infer your way back to a real person?
  • Attack your own dataset. Run membership inference and linkage tests against it. If your team can re-identify someone, so can someone else.
  • Watch the outliers. Rare records carry most of the risk. Check whether unusual real individuals are reproduced too faithfully.
  • Consider differential privacy during generation. Adding calibrated noise gives a mathematical bound on what any single record contributes, which strengthens an anonymity claim.
  • Document the risk assessment. The "reasonably likely" test is contextual. Who holds the data, what else could it be joined to, what technology exists today. Write it down.
  • Don't take the vendor's word for it. "It's synthetic" is a marketing claim, not a legal conclusion. The accountability sits with you as controller.

This is the gap between theory and practice. Synthetic data can be a genuinely strong privacy tool. It earns that status only when you've tested the output and kept the receipts, not when a supplier prints "anonymous" on the invoice.

What changes in 2026?

Less than the headlines suggested. The EU's Digital Omnibus package, proposed in November 2025, floated a rewrite of the "personal data" definition. By early 2026 the Council's compromise had dropped that change (IAPP, 2026). Identifiability still gets assessed under Article 4(1) and Recital 26, on the means reasonably likely to be used. The test you're working to hasn't moved.

The direction of travel is clear, though. Regulators expect a documented, risk-based judgement about identifiability, not a label. Synthetic data fits that world well, as long as you do the work.

Frequently asked questions

Is synthetic data exempt from GDPR?

Only if it's genuinely anonymous, meaning no real person can be identified from it by means reasonably likely to be used. If a residual re-identification risk exists, the data is personal data and GDPR applies in full. The "synthetic" label alone changes nothing.

Does generating synthetic data from real data need a lawful basis?

Yes. The ICO is clear that creating synthetic data from personal data is itself processing. You need a lawful basis for using the source data that way, and you have to tell the people concerned. The privacy work starts before the synthetic output exists.

What is membership inference and why does it matter?

It's an attack that works out whether a specific person's record was in the data used to train the generative model. If it succeeds, your synthetic dataset is leaking information about real individuals, and any claim that it's anonymous fails. Rare and outlier records are the most vulnerable.

Does differential privacy make synthetic data GDPR-safe?

It helps, but it's not a guarantee. Differential privacy adds calibrated noise during generation and gives a measurable bound on any one person's contribution. That strengthens an anonymity claim. You still have to test the output and document why the re-identification risk is remote.

The bottom line

Synthetic data is one of the better privacy tools available, and it's also one of the most over-claimed. The honest position: it's anonymous when you've proven the re-identification risk is remote, and personal data until you have. Most of the legal risk lives in skipping the proof.

My view, after watching organisations get this wrong: the failure is almost never the technique. It's treating "synthetic" as a conclusion instead of a starting point. Run the three tests, attack your own data, document the judgement. Do that and synthetic data earns its place. Skip it and you've built a re-identification risk with a reassuring name.

This connects to wider duties on GDPR and AI for children's data, the discipline of a proper AI compliance audit, and the obligations arriving under the EU AI Act. Synthetic data is one piece of a Responsible AI programme, not a shortcut around one.

Part of VerityAI's synthetic data and GDPR in healthcare.

This is the kind of work our AI governance and compliance handles.

Share this article

LinkedInXEmail
Sotiris Spyrou - Author

Sotiris Spyrou

Sotiris Spyrou is the founder of VerityAI, a Responsible AI advisory for boards and AI-deploying businesses. With 27 years across agencies, global in-house roles, and the C-suite, he advises leaders on AI governance and risk, and on answer-engine visibility engineered without the dark patterns the rest of the industry is getting penalised for. He is the author of TRANSFORM, AI Moats, and Ethical AI.

Founder at VerityAI