FPF in Brussels: The Law and Science of De-Identification

Last week, FPF brought together a panel of technology, legal, regulatory, and business voices to discuss “The Law and Science of De-Identification” at the 10th annual Computers, Privacy, and Data Protection conference.

De-identification—the process of modifying personal data to ensure that data subjects are no longer identifiable—is one of the primary measures that organizations take to protect privacy. Over the past few years, however, computer scientists and mathematicians have demonstrated that de-identification is not foolproof. At the same time, by necessity, organizations around the world continue to rely on a wide range of technical, administrative and legal measures to reduce data identifiability. The EU General Data Protection Regulation recognizes the concept of pseudonymization, albeit with limited legal implications compared to its stricter relative, anonymization.

This panel of interdisciplinary experts discussed the technology, law, policy, and implementation of de-identification techniques in Europe. Claudia Diaz, Professor at KU Leuven, chaired the session and introduced the complicated landscape in which de-identification is studied, implemented, and debated. Kelsey Finch, Policy Counsel for the Future of Privacy Forum, moderated the session, and tied the discussion at CPDP to its origins in the November 2016 Brussels Privacy Symposium workshop on Identifiability: Policy and Practical Solutions for Anonymization and Pseudonymization.

  • Claude Castelluccia, Research Director and Head of the Privatics Group for INRIA, kicked off the session with an overview of “differential testing,” a technique designed to identify when a dataset may be at risk for leaking data subjects’ sensitive attributes, rather than simply their identities.
  • Sophie Stalla-Bourdillon, Associate Professor at the University of Southampton, gave an overview of the shifting definitions of de-identified or anonymous data in European law and called for a recognition of a more dynamic legal standard.
  • Alessandro Spina, Data Protection Officer for the European Medical Agency, discussed developing the first set of professional guidelines for de-identifying and publishing pharmaceutical clinical reports.
  • Simon Hania, Vice President of Privacy and Security at TomTom, discussed the role of de-identification in achieving business goals, and the tough questions that arise when implementing these tools within organizations.

The papers on which Claude Castelluccia, Sophie Stalla-Bourdillon, and Alessandro Spina based their comments were also selected as finalists at the Brussels Privacy Symposium, and are available here and here.

In a robust question and answer session with the audience and their fellow panelists, the speakers touched on questions including how to incentivize robust de-identification within organizations and across sectors; the implications of open data or release-and-forget styles of de-identification; transparency about de-identification commitments and techniques for consumers; and what contextual factors matter most in risk-based de-identification approaches.

Video of the session is available below.

If you would like to participate in this and future discussions regarding EU privacy issues, make sure you Save the Date! The next Brussels Privacy Symposium is November 6, 2017.