Re: Linkability & European reality

On 2012-10-23 10:27, Kimon Zorbas wrote:

> Many countries in Europe will accept many datasets as anonymous,
> whereas Germany takes (surprise, surprise…) a much stricter approach
> and only recognises such datasets as pseudonymous. In this context we
> cannot disregard pseudonymous data. Whether you can link such data 
> and
> do so in practice (again, I believe theoretical debates are 
> important,
> but what matters more to consumers and business is the actual
> practice, i.e. what 95% of companies do) is a question involved
> stakeholders might interpret differently. Striving towards a concept
> that takes a "strict US approach" on anonymisation (as I believe you
> suggest) would create a paradox with the strict data protection
> regulation in Germany…

Dear Kimon,

Given that the harmonisation achieved by the Data Protection Directive 
is suboptimal to say the least, I am not going to doubt your assertion 
that there is variation across European Data Protection Authorties' 
opinions on what constitutes 'anonymous' data, despite all the guidance 
provided by the Article 29 Working Group. Nonetheless it would be 
helpful if you could provide some references for that assertion, if 
necessary off-list.

> entirely disregard. We want one global standard that can respond much
> better to privacy needs than blanket legislation.

Given that the area of what is actually anonymous is governed by the 
harsh reality of statistics and information theory (the examples Dan 
gave are particularly enlightening in this regard), I think this should 
be one of the subjects that should lend itself best for global 

This PhD dissertation deals with the subject:

One of its conclusions was that 67% of Dutch citizens are identifiable 
by their postal code and date of birth alone. I think this illustrates 
the need for aggressive hashing.



Received on Tuesday, 23 October 2012 09:59:39 UTC