fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " anonymity "

‘Anonymised’ data can never be totally anonymous

An anonymised dataset is supposed to have had all personally identifiable information removed from it, while retaining a core of useful information for researchers to operate on without fear of invading privacy.

But in practice, data can be deanonymised in a number of ways. Now researchers have built a model to estimate how easy it would be to deanonymise any arbitrary dataset. A dataset with 15 demographic attributes, for instance, “would render 99.98% of people in Massachusetts unique”. And for smaller populations, it gets easier: if town-level location data is included, for instance, “it would not take much to reidentify people living in Harwich Port, Massachusetts, a city of fewer than 2,000 inhabitants”.

Source: ‘Anonymised’ data can never be totally anonymous, says study | Technology | The Guardian

Russia is working on a Tor de-anonymization project

Hackers have stolen a massive trove of sensitive data and defaced the website of SyTech, a major contractor working for Russian intelligence agency FSB.

The documents included descriptions of dozens of internal projects the company was working on, including ones on de-anonymization of users of the Tor browser and researching the vulnerability of torrents.

A Tor network routes internet traffic through random relays across the world, allowing users to conceal their location and internet usage from anyone conducting network surveillance or traffic analysis.

Source: BBC: Russia is working on a Tor de-anonymization project

Deidentification versus anonymization

Anonymization is hard. Just like cryptography, most people are not qualified to build their own.

Unlike cryptography, the research is far earlier-stage, and the pre-built code is virtually unavailable. That hasn’t stopped people from claiming certain datasets (like this ) are anonymized and (sadly) having them re-identified.

Full article: Deidentification versus anonymization

De-Identification Should Be Relevant to a Privacy Law, But Not an Automatic Get-Out-of-Jail-Free Card

The most important definition in any privacy law is the scope of information that is covered by that law. A line must be drawn somewhere between personal and non-personal data, the argument goes , or else laws will capture all information even if it presents no risks to an individual’s privacy.

Full article: De-Identification Should Be Relevant to a Privacy Law, But Not an Automatic Get-Out-of-Jail-Free Card

Does anonymization or de-identification require consent under the GDPR?

Data de-identification has many benefits in the context of the EU General Data Protection Regulation.

One of the recurring questions is whether consent is required to anonymize or de-identify data. In this article, we make the case that no consent is required for anonymization or other forms of de-identification.

Full article: Does anonymization or de-identification require consent under the GDPR?

Austrian DPA takes “result-oriented perspective” in data erasure decision

The Austrian data protection authority (‘DSB’) published, on 30 January 2019, its decision, dated 5 December 2018, on the right to data erasure, further to an individual’s complaint.

In particular, the DSB highlighted that the complainant had alleged that an unnamed insurance company had infringed his right to data erasure by only deleting data stored for marketing purposes and anonymising the remainder.

Full article: Austria: DSB takes “result-oriented perspective” in data erasure decision

Does anonymization or de-identification require consent under the GDPR?

Data de-identification has many benefits in the context of the EU General Data Protection Regulation . One of the recurring questions is whether consent is required to anonymize or de-identify data. In this article, we make the case that no consent is required for anonymization or other forms of de-identification.

Full article: Does anonymization or de-identification require consent under the GDPR?

‘Data is a fingerprint’: why you aren’t as anonymous as you think online

So-called ‘anonymous’ data can be easily used to identify everything from our medical records to purchase histories. By analysing a mobile phone database of the approximate locations (based on the nearest cell tower) of 1.5 million people over 15 months (with no other identifying information) it was possible to uniquely identify 95% of the people with just four data points of places and times. About 50% could be identified from just two points.

Source: ‘Data is a fingerprint’: why you aren’t as anonymous as you think online | World news | The Guardian

Are there risks of using public clinical trial data under GDPR?

Given that clinical trial documents contain personally identifying health information about trial participants, it is necessary to anonymize these documents. While there are efforts among the agencies to harmonize their anonymization guidance and practices, they are governed by different privacy laws and are implementing quite a different anonymization methodology. This raises the question of what the risks would be to the users of these public clinical trial documents if the anonymization performed for a public data release was not adequate and the public documents still have a high risk of re-identification?

Read full article: Are there risks of using public clinical trial data under GDPR?

Top EU Court Embraces Anonymity for Litigants

Starting with July 1 the European Court of Justice (CJEU) no longer plans to identify people who are the subject of future preliminary rulings by replacing, in all its public documents, the name of natural persons involved in the case by initials. However, the court emphasized it retains the right to derogate from this plan “in the event of an express request from a party or if the particular circumstances of the case so justify.” There is no plan to alter how the court handles hearings or other proceedings that do not involve publications.

Source: Top EU Court Embraces Anonymity for Litigants

>