Data re-identification

Data re-identification or de-anonymization is the practice of matching anonymous data (also known as de-identified data) with publicly available information, or auxiliary data, in order to discover the person to whom the data belongs.^[1] This is a concern because companies with privacy policies, health care providers, and financial institutions may release the data they collect after the data has gone through the de-identification process.

The de-identification process involves masking, generalizing or deleting both direct and indirect identifiers; the definition of this process is not universal. Information in the public domain, even seemingly anonymized, may thus be re-identified in combination with other pieces of available data and basic computer science techniques. The Protection of Human Subjects ('Common Rule'), a collection of multiple U.S. federal agencies and departments including the U.S. Department of Health and Human Services, warn that re-identification is becoming gradually easier because of "big data"—the abundance and constant collection and analysis of information along with the evolution of technologies and the advances of algorithms. However, others have claimed that de-identification is a safe and effective data liberation tool and do not view re-identification as a concern.^[2]^{[neutrality is disputed]}

More and more data are becoming publicly available over the Internet. These data are released after applying some anonymization techniques like removing personally identifiable information (PII) such as names, addresses and social security numbers to ensure the sources' privacy. This assurance of privacy allows the government to legally share limited data sets with third parties without requiring written permission. Such data has proved to be very valuable for researchers, particularly in health care.

GDPR-compliant pseudonymization seeks to reduce the risk of re-identification through the use of separately kept "additional information". The approach is based on an expert evaluation of a dataset to designate some identifiers as "direct" and some as "indirect." Proponents of this approach argue that re-identification can be avoided by limiting access to "additional information" that is kept separately by the controller. The theory is that access to separately kept "additional information" is required for re-identification, attribution of data to a specific data subject can be limited by the controller to support lawful purposes only. This approach is controversial, as it fails if there are additional datasets that can be used for re-identification. Such additional datasets may be unknown to those certifying the GDPR-compliant pseudonymization, or may not at exist at the time of the pseudonymization but may come into existence at some point in the future.

^ Pedersen, Torben (2005). "HTTPS, Secure HTTPS". Encyclopedia of Cryptography and Security. pp. 268–269. doi:10.1007/0-387-23483-7_189. ISBN 978-0-387-23473-1.
^ Richardson, Victor; Milam, Sallie; Chrysler, Denise (April 2015). "Is Sharing De-Identified Data Legal? The State of Public Health Confidentiality Laws and Their Interplay with Statistical Disclosure Limitation Techniques". The Journal of Law, Medicine & Ethics. 43 (1_suppl): 83–86. doi:10.1111/jlme.12224. hdl:2027.42/111074AA. ISSN 1073-1105. PMID 25846173. S2CID 9384220.

[1] Pedersen, Torben (2005). "HTTPS, Secure HTTPS". Encyclopedia of Cryptography and Security. pp. 268–269. doi:10.1007/0-387-23483-7_189. ISBN 978-0-387-23473-1.

[Richardson,_Milam,_&_Chrysler_2015-2] Richardson, Victor; Milam, Sallie; Chrysler, Denise (April 2015). "Is Sharing De-Identified Data Legal? The State of Public Health Confidentiality Laws and Their Interplay with Statistical Disclosure Limitation Techniques". The Journal of Law, Medicine & Ethics. 43 (1_suppl): 83–86. doi:10.1111/jlme.12224. hdl:2027.42/111074AA. ISSN 1073-1105. PMID 25846173. S2CID 9384220.

[1]

[2]