REQ.313 Inform inability to identify users
The system must inform the users whenever it can demonstrate its inability to individually identify them using the information it has collected from them.
Systems usually request information from the users or collect it based on their interactions with the application. Some regulations related to the collection of personal data are only applicable if the user can be identified using this data. Whenever the system is unable to individually identify its users with the data it collects from them, and it can demonstrate it, it must inform them of this situation.
GDPR. Art. 11: Processing which does not require identification.(2). Where the controller is able to demonstrate that it is not in a position to identify the data subject, the controller shall inform the data subject accordingly, if possible.