It's quite a lengthy document, but is worth a look —
- it reaffirms that anonymising data is an act of processing in itself, but one which is likely to be permitted under the "legitimate use" basis, and thus does not require consent;
- there's an interesting discussion about the disclosure of anonymous data, and the "motivated intruder" test for determining whether something should be treated as anonymous or not; and
- the second case study, on mobile footfall analytics, is particularly pertinent to the course here — my view is that the overall privacy harm (and public perception of the activity) would seem to demand more user control over the activity than ICO has seemed to suggest here.