Anonymised data may not protect privacy

UK – Current approaches to anonymising data used by companies and governments are not enough to protect privacy, according to research from University of Louvain (UCLouvain) and Imperial College London.

Privacy_data_secure_crop

Individuals are at risk of being re-identified even after data has been anonymised using methods such as stripping out characteristics such as names and email addresses, the study found.

The researchers developed a machine learning tool to evaluate the likelihood of re-identifying the right person using characteristics.

Using this model, the study found that 99.98% of Americans would be correctly re-identified in any anonymised dataset using 15 demographic attributes including age, gender and marital status.

Dr Luc Rocher of UCLouvain, one of the report authors, said: “While there might be a lot of people who are in their thirties, male, and living in New York City, far fewer of them were also born on 5 January, are driving a red sports car, and live with two kids (both girls) and one dog.”

The findings challenge the standards for data anonymisation set by GDPR and other laws such as the California Consumer Privacy Act, as the principles of data protection do not apply once personal data has been de-identified.

Senior author Dr Yves-Alexandre de Montjoye, of Imperial’s Department of Computing, and Data Science Institute, said: “This is pretty standard information for companies to ask for. Although they are bound by GDPR guidelines, they’re free to sell the data to anyone once it’s anonymised. Our research shows just how easily –and how accurately – individuals can be traced once this happens.

“Companies and governments have downplayed the risk of re-identification by arguing that the datasets they sell are always incomplete. Our findings contradict this and demonstrate that an attacker could easily and accurately estimate the likelihood that the record they found belongs to the person they are looking for.”

The researchers have also launched a publicly available online tool to highlight the issue and allow people to see which pieces of information could be used to re-identify them. 

The paper is published in Nature Communications.

We hope you enjoyed this article.
Research Live is published by MRS.

The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.

Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.

For example, there's an archive of winning case studies from over a decade of MRS Awards.

Find out more about the benefits of joining MRS here.

0 Comments


Display name

Email

Join the discussion

Newsletter
Stay connected with the latest insights and trends...
Sign Up
Latest From MRS

Our latest training courses

Our new 2025 training programme is now launched as part of the development offered within the MRS Global Insight Academy

See all training

Specialist conferences

Our one-day conferences cover topics including CX and UX, Semiotics, B2B, Finance, AI and Leaders' Forums.

See all conferences

MRS reports on AI

MRS has published a three-part series on how generative AI is impacting the research sector, including synthetic respondents and challenges to adoption.

See the reports

Progress faster...
with MRS 
membership

Mentoring

CPD/recognition

Webinars

Codeline

Discounts