Sign In

Communications of the ACM

ACM TechNews

'Anonymized' Data Can Never Be Totally Anonymous, says Study


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
In practice, data can be de-anonymized in a number of ways.

Researchers at Universit catholique de Louvain in Belgium and Imperial College London in the U.K. developed a model to estimate how easy it would be to deanonymize an arbitrary dataset.

Credit: Stefan Rousseau/PA

Researchers at Université catholique de Louvain (UCLouvain) in Belgium and Imperial College London in the U.K. have developed a model to estimate how easy it would be to deanonymize an arbitrary dataset.

For example, they said a dataset with 15 demographic attributes "would render 99.98% of people in Massachusetts unique."

The model requires fewer attributes for smaller populations, and the researchers said if town-level data were included with those 15 demographic attributes, "it would not take much to re-identify people living in Harwich Port, MA, a city of fewer than 2,000 inhabitants."

The researchers said their results demonstrate that anonymization is not sufficient for private companies to avoid conflicts with laws such as Europe's General Data Protection Regulation, and the California Consumer Privacy Act.

They stressed the need “to move, from a legal and regulatory perspective, beyond the deidentification release-and-forget model.”

From The Guardian
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 

No entries found