From The Electronic Frontier Foundation: Debunking the Myth of "Anonymous" Data
Personal information that corporations collect from our online behaviors sells for astonishing profits and incentivizes online actors to collect as much as possible. Every mouse click and screen swipe can be tracked and then sold to ad-tech companies and the data brokers that service them.
In an attempt to justify this pervasive surveillance ecosystem, corporations often claim to de-identify our data. This supposedly removes all personal information (such as a person's name) from the data point (such as the fact that an unnamed person bought a particular medicine at a particular time and place). Personal data can also be aggregated, whereby data about multiple people is combined with the intention of removing personal identifying information and thereby protecting user privacy.
...
However, in practice, any attempt at de-identification requires removal not only of your identifiable information, but also of information that can identify you when considered in combination with other information known about you. Here's an example:
- First, think about the number of people that share your specific ZIP or postal code.
- Next, think about how many of those people also share your birthday.
- Now, think about how many people share your exact birthday, ZIP code, and gender.
According to one landmark study, these three characteristics are enough to uniquely identify 87% of the U.S. population. A different study showed that 63% of the U.S. population can be uniquely identified from these three facts.
We cannot trust corporations to self-regulate. The financial benefit and business usefulness of our personal data often outweighs our privacy and anonymity. In re-obtaining the real identity of the person involved (direct identifier) alongside a person's preferences (indirect identifier), corporations are able to continue profiting from our most sensitive information. For instance, a website that asks supposedly "anonymous" users for seemingly trivial information about themselves may be able to use that information to make a unique profile for an individual.
(Score: 5, Insightful) by Rosco P. Coltrane on Sunday November 12 2023, @11:42AM
but some should be if it wasn't forcibly extracted.
People leak data all the time. And putting the pieces together is arguably fair game.
Think of it as you leaving your fingerprints on everything you touch: you can't prevent someone from coming and lifting your fingerprints if they want to (not talking about what they do with them later though, just the lifting). Your fingerprints are out there. Those who want to collect fingerprints can almost "passively" collect them after you've been somewhere.
However, you don't involuntarily leak other data all the time. Like your sexual preferences or your political views. If you don't actively broadcast the information, including stepping into a sex shop and running into someone you know, or picketing in the street, then nobody can - or should - know.
Data collection of information you don't naturally leak all the time takes a deliberate effort to collect. Information that can't be obtained passively and that requires an effort to collect is what's problematic.
In the case of Big Data, the deliberate effort to collect information you don't naturally give away comes in the form of setting up a very successful search engine, putting trackers all over the internet that you can't avoid, running intrusive scripts on your computer... The key thing here is they actively seek out the information: if they quit gaming the internet to collect it, the stream of information would stop. Because again, that's information that you don't normally passively leak out.
That's where I draw the line personally. Any information obtained as a result of a concerted and deliberate effort to pry it out of people without their consent of their knowledge, when those people wouldn't normally give away the information, should be regarded as a violation of privacy and criminalized.
But of course, in a society where lawmakers are bought and sold on the marketplace, this is never going to happen...