Recently, well-publicised research by data scientists at Imperial College in London and Université Catholique de Louvain in Belgium as well as a ruling by Judge Michal Agmon-Gonen of the Tel Aviv District Court have highlighted the shortcomings of outdated data protection techniques like “Anonymisation” in today’s big data world. Anonymisation reflects an outdated approach to […]
anonymity
An anonymised dataset is supposed to have had all personally identifiable information removed from it, while retaining a core of useful information for researchers to operate on without fear of invading privacy. But in practice, data can be deanonymised in a number of ways. Now researchers have built a model to estimate how easy it […]
Hackers have stolen a massive trove of sensitive data and defaced the website of SyTech, a major contractor working for Russian intelligence agency FSB. The documents included descriptions of dozens of internal projects the company was working on, including ones on de-anonymization of users of the Tor browser and researching the vulnerability of torrents. A […]
Anonymization is hard. Just like cryptography, most people are not qualified to build their own. Unlike cryptography, the research is far earlier-stage, and the pre-built code is virtually unavailable. That hasn’t stopped people from claiming certain datasets (like this ) are anonymized and (sadly) having them re-identified. Full article: Deidentification versus anonymization
The most important definition in any privacy law is the scope of information that is covered by that law. A line must be drawn somewhere between personal and non-personal data, the argument goes , or else laws will capture all information even if it presents no risks to an individual’s privacy. Full article: De-Identification Should […]
Data de-identification has many benefits in the context of the EU General Data Protection Regulation. One of the recurring questions is whether consent is required to anonymize or de-identify data. In this article, we make the case that no consent is required for anonymization or other forms of de-identification. Full article: Does anonymization or de-identification […]
The Austrian data protection authority (‘DSB’) published, on 30 January 2019, its decision, dated 5 December 2018, on the right to data erasure, further to an individual’s complaint. In particular, the DSB highlighted that the complainant had alleged that an unnamed insurance company had infringed his right to data erasure by only deleting data stored […]
Data de-identification has many benefits in the context of the EU General Data Protection Regulation . One of the recurring questions is whether consent is required to anonymize or de-identify data. In this article, we make the case that no consent is required for anonymization or other forms of de-identification. Full article: Does anonymization or […]
So-called ‘anonymous’ data can be easily used to identify everything from our medical records to purchase histories. By analysing a mobile phone database of the approximate locations (based on the nearest cell tower) of 1.5 million people over 15 months (with no other identifying information) it was possible to uniquely identify 95% of the people with […]
Given that clinical trial documents contain personally identifying health information about trial participants, it is necessary to anonymize these documents. While there are efforts among the agencies to harmonize their anonymization guidance and practices, they are governed by different privacy laws and are implementing quite a different anonymization methodology. This raises the question of what the […]