
Tag Archives for "anonymity"

Google’s federated analytics method could analyze end user data without invading privacy

Google’s federated analytics techniques, which power features like Now Playing, could be used to analyze end user data without invading privacy.

It works by running local computations over a device’s data and making only the aggregated results — not the data from the particular device — available to authorized engineers.

Source: Google’s federated analytics method could analyze end user data without invading privacy | VentureBeat

Will Google’s and Apple’s COVID Tracking Plan Protect Privacy?

Last week, Google and Apple announced that they were working together to develop privacy-protecting technology that could enable COVID-19 contact-tracing apps. The proposed system is anonymous but vulnerable to trolls and spoofing.

Building a data set of people who have been in the same room together—data that would likely be extremely valuable to both marketers and law enforcement—is not without risk of exploitation, even stored on people’s phones, security and privacy experts said in interviews.

Full article: Will Google’s and Apple’s COVID Tracking Plan Protect Privacy?

UK government using confidential patient data in coronavirus response

Technology firms are processing large volumes of confidential UK patient information in a data-mining operation that is part of the government’s response to the coronavirus outbreak, according to documents seen by the Guardian.

While anonymised, confidential information in the Covid-19 datastore may include people’s gender, postcode, symptoms, the mechanism through which any prescription was dispatched to them, and the precise time they ended the call.

Source: UK government using confidential patient data in coronavirus response

Firm Tracking Purchase, Transaction Histories of Millions Maybe Not Really Anonymizing Them

The nation’s largest financial data broker, Yodlee, holds extensive and supposedly anonymized banking and credit card transaction histories on millions of Americans.

Internal documents, however, appear to indicate that Yodlee clients could potentially de-anonymize those records by simply downloading a giant text file and poking around in it for a while. That includes a unique identifier associated with the bank or credit card holder, amounts of transactions, dates of sale, which business the transaction was processed at, and bits of metadata.

Source: Report: Firm Tracking Purchase, Transaction Histories of Millions Maybe Not Really Anonymizing Them

German Federal Supervisory Authority Launches Public Consultation on Anonymization

On February 10, 2020, Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI) launched its first public consultation procedure.

The consultation invites comments on a position paper of the BfDI which addresses the anonymization of personal data under the General Data Protection Regulation (GDPR), with a particular focus on the telecommunications sector (for example, the anonymization of location data in mobile networks).

Source: German Federal Commissioner for Data Protection and Freedom of Information Launches Public Consultation on Anonymization

Researchers Find ‘Anonymized’ Data Is Even Less Anonymous Than We Thought

Corporations love to pretend that ‘anonymization’ of the data they collect protects consumers. Studies keep showing that’s not really true.

When it was revealed that Avast is using its popular antivirus software to collect and sell user data, Avast CEO Ondrej Vlcek first downplayed the scandal, assuring the public the collected data had been “anonymized”—or stripped of any obvious identifiers like names or phone numbers.

But analysis from students at Harvard University shows that anonymization isn’t the magic bullet companies like to pretend it is. Previous studies have shown that even within independent individual anonymized datasets, identifying users isn’t all that difficult. But when data from different leaks are combined, identifying actual users isn’t all that difficult.

Source: Researchers Find ‘Anonymized’ Data Is Even Less Anonymous Than We Thought – VICE

Even Privacy-Focused Cryptocurrency Can Spill Your Secrets

From a Harry Potter-themed protocol to high-profile coins, cryptocurrency is often not quite as private as it seems.

Privacy coins are a reaction to the realization that bitcoin isn’t private at all. All bitcoin transaction data is public and open to all for analysis; combine that with some strategic subpoenas to get the personal data cryptocurrency exchanges are required to collect on their customers, and it’s pretty trivial to untangle who’s who. But privacy-focused coins like Grin and Beam also have their flaws, as research shows.

Source: Even Privacy-Focused Cryptocurrency Can Spill Your Secrets | WIRED

Inherently identifiable: Is it possible to anonymize health and genetic data?

Nearly 25 million people have taken an at-home DNA testing kit and shared that data with one of four ancestry and health databases.

With this proliferation of genetic testing and biometric data collection, there should be an increased scrutiny of the practices used to deidentify this data. Biometric data, namely genetic information and health records, is innately identifiable.

But can biometric data ever truly be anonymized? What are the methods and best practices of deidentification, and what is the current state of biometric data under the EU General Data Protection Regulation?

Full article: Inherently identifiable: Is it possible to anonymize health and genetic data?

Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

On November 4, 2019, the Spanish Supervisory Authority (“AEPD”), in collaboration with the European Data Protection Supervisor, published guidance on the use of hashing techniques for pseudonymization and anonymization purposes. In particular, the guidance analyses what factors increase the probability of re-identifying hashed messages.

The guidance provides examples of how controllers can make the re-identification of hashed messages more difficult. These examples include encrypting the message (prior to hashing), encrypting the hash value, or adding “salt” or “noise” (i.e., a random number) to the original message.

Source: Spanish Supervisory Authority and EDPS release guidance on hashing for data pseudonymization and anonymization purposes

Anonymisation does not work for big data

Recently, well-publicised research by data scientists at Imperial College in London and Université Catholique de Louvain in Belgium as well as a ruling by Judge Michal Agmon-Gonen of the Tel Aviv District Court have highlighted the shortcomings of outdated data protection techniques like “Anonymisation” in today’s big data world.

Anonymisation reflects an outdated approach to data protection developed when the processing of data was limited to isolated (siloed) applications prior to the popularity of “big data” processing that involves widespread sharing and combining of data.

Source: Anonymisation does not work for big data due to lack of protection for direct & indirect identifiers and easy re-identification vs pseudonymisation
