This paper presents a new technique for anonymizing personal data for studies in which the real name of the person has to be hidden. Firstly, the privacy problem is introduced and a set of related terminology is then presented. Then, we suggest a rigorous approach to define anonymization requirements, as well as how to characterize, select and build solutions. This analysis shows that the most important privacy needs can be met by using smartcards to carry out the critical part of the anonymizaton procedure. By supplying his card, the citizen (e.g., the patient in the medical field) gives his consent to exploit his ano-nymized data; and for each use, a new anonymous identifier is generated within the card. In the same way, reversing the anonymity is possible only if the patient presents his personal smartcard (which implies that he gives his consent). In this way, the use of the smartcard seems be the most suitable means of keeping the secret as well as the anonymization and the disanonymi-zation procedures under the patient control.