One key method for ensuring privacy while processing large amounts of data is de-identification. De-identified data refers to data through which a link to a particular individual cannot be established. This often involves “scrubbing” the identifiable elements of personal data, making it “safe” in privacy terms while attempting to retain its commercial and scientific value.
In the era of big data, the debate over the definition of personal information, de-identification and re-identification has never been more important. Privacy regimes often rely on data being considered Personal in order to require the application of privacy rights and protections. Data that is anonymous is considered free of privacy risk and available for public use.
Yet much data that is collected and used exists somewhere on a spectrum between these stages. FPF’s De-ID Project has examined practical frameworks for applying privacy restrictions to data based on the nature of data that is collected, the risks of de-identification, and the additional legal and administrative protections that may be applied.
FPF Comments on the California Consumer Privacy Act (CCPA)
On Friday, the Future of Privacy Forum submitted comments to the Office of the California Attorney General (AG), Xavier Becerra. Read FPF’s Full Comments (11-page letter) See Attachment 1: Comparing Privacy Laws: GDPR vs. CCPA See Attachment 2: A Visual Guide to Practical De-identification In FPF’s outreach to the AG, we commended the office for its […]
Protecting the Privacy of Customers of Broadband and Other Telecommunications Services
The Future of Privacy Forum filed comments with the Federal Communications Commission (FCC) in response to the FCC’s proposed rules regarding the privacy and data practices of Internet Services Providers (ISPs). The FCC’s March 31, 2016 Notice of Proposed Rulemaking (NPRM or Notice) seeks to regulate ISP’s data practices pursuant to Section 222 of the Communications Act – a sector-specific statute that includes detailed requirements that apply to telecommunications services, but does not apply to other services offered by broadband providers nor to online services operating at the edge of the network (e.g. web sites).
Comments to NTIA on Big Data and Privacy
Today, FPF submitted comments to the NTIA as it begins its exploration of how big data impact the Consumer Privacy Bill of Rights. While the NTIA sought comment on over a dozen key questions, our filing focus largely on four issues: (1) the need for additional clarity surrounding the flexible application of the Consumer Privacy […]
Comments for the White House "Big Data Review"
This afternoon, FPF submitted comments to help inform the White House Office of Science and Technology Policy’s “Big Data Review.” Announced in January, the White House Big Data Review has been a helpful exercise in scoping out how big data is changing our society. Through public workshops at MIT, NYU, and Berkeley, the review has […]
Comments to the FCC About "Anonymized" and "Deidentification"
Yesterday, the Federal Communications Commission posted FPF’s comments about “anonymization” and “deidentification.” The comments come in response to a request from Public Knowledge that the FCC clarify whether “anonymized” or “deidentified” but non-aggregate call records constitute individually identifiable “customer proprietary network information” under Section 222 of the Communications Act. FPF submitted comments to address the argument that […]