Anonymizing location data is notoriously challenging. Fundamentally, there is no desirable balance between user privacy and the utility of the resulting data for general purpose use. Indeed, a vast body of research has shown this data is highly reidentifiable.
But what happens when the dataset is much bigger, like that of Vodafone UK? Do trajectories get “lost in the crowd” and become effectively anonymous? Unfortunately, dataset size is no protection against simple reidentification attacks.
But all is not lost. On the one hand, the community researching privacy-enhancing technologies is extremely active with promising results. On the other hand, regulators, evidenced by more principled acts, such as the GDPR, are working together with these researchers to draft guidelines for data protection.