From The Electronic Frontier Foundation: Debunking the Myth of "Anonymous" Data
Personal information that corporations collect from our online behaviors sells for astonishing profits and incentivizes online actors to collect as much as possible. Every mouse click and screen swipe can be tracked and then sold to ad-tech companies and the data brokers that service them.
In an attempt to justify this pervasive surveillance ecosystem, corporations often claim to de-identify our data. This supposedly removes all personal information (such as a person's name) from the data point (such as the fact that an unnamed person bought a particular medicine at a particular time and place). Personal data can also be aggregated, whereby data about multiple people is combined with the intention of removing personal identifying information and thereby protecting user privacy.
...
However, in practice, any attempt at de-identification requires removal not only of your identifiable information, but also of information that can identify you when considered in combination with other information known about you. Here's an example:
- First, think about the number of people that share your specific ZIP or postal code.
- Next, think about how many of those people also share your birthday.
- Now, think about how many people share your exact birthday, ZIP code, and gender.
According to one landmark study, these three characteristics are enough to uniquely identify 87% of the U.S. population. A different study showed that 63% of the U.S. population can be uniquely identified from these three facts.
We cannot trust corporations to self-regulate. The financial benefit and business usefulness of our personal data often outweighs our privacy and anonymity. In re-obtaining the real identity of the person involved (direct identifier) alongside a person's preferences (indirect identifier), corporations are able to continue profiting from our most sensitive information. For instance, a website that asks supposedly "anonymous" users for seemingly trivial information about themselves may be able to use that information to make a unique profile for an individual.
(Score: 4, Informative) by captain normal on Sunday November 12 2023, @09:27PM (1 child)
".. following the GDPR properly is hard."
Are you talking about hard for the common user who has to click through a custom cookie banner before a site will load properly? Or are you talking about hard for the web designers, ad trolls and ISPs trying to load up the common person's device with third party cookies, tracking cookies, supercookies, Zombie cookies and Flash cookies in order hide from likes of the EU cookie law, the PECR, CCPA and the LGPD.
It's all really as simple as outlawing any cookie other than a cookie that identifies an individual only on a site that they have signed up for.
The Musk/Trump interview appears to have been hacked, but not a DDOS hack...more like A Distributed Denial of Reality.
(Score: 2, Informative) by pTamok on Monday November 13 2023, @02:39AM
No, it's hard to handle personal data properly. It's inconvenient, and the restrictions make processing personal data an exercise in superlative data administration within the rules, which few organisations do well. It is a lot easier to ignore the regulations than follow them, and the fines for non-compliance are pitifully small.
Now, if individual users got a bounty of a non-trivial amount for each breach of the GDPR in handling their personal data, there would be a strong incentive for individuals to audit the use of their data; and a strong incentive for organisations to do things properly. As it is, even blatant breaches of the GDPR elicit a 'strongly worded letter' form the regulator. There are very, very few fines handed out - take a look: The CMS.Law GDPR Enforcement Tracker is an overview of fines and penalties which data protection authorities within the EU have imposed under the EU General Data Protection Regulation (GDPR, DSGVO). Our aim is to keep this list as up-to-date as possible. Since not all fines are made public, this list can of course never be complete, which is why we appreciate any indication of further GDPR fines and penalties. [enforcementtracker.com]