De-Identification

Today, the Future of Privacy Forum released a new study, Understanding Corporate Data Sharing Decisions: Practices, Challenges, and Opportunities for Sharing Corporate Data with Researchers. In this report, we aim to contribute to the literature by seeking the “ground truth” from the corporate sector about the challenges they encounter when they consider making data available for academic research. We hope that the impressions and insights gained from this first look at the issue will help formulate further research questions, inform the dialogue between key stakeholders, and identify constructive next steps and areas for further action and investment.

Washington, DC – Today, the Future of Privacy Forum released a new study, Understanding Corporate Data Sharing Decisions: Practices, Challenges, and Opportunities for Sharing Corporate Data with Researchers. In this report, FPF reveals findings from research and interviews with experts in the academic and industry communities. Three main areas are discussed: 1) The extent to which leading companies make data available to support published research that contributes to public knowledge; 2) Why and how companies share data for academic research; and 3) The risks companies perceive to be associated with such sharing, as well as their strategies for mitigating those risks.

Jules Polonetsky, CEO, Future of Privacy Forum, Omer Tene, Senior Fellow, Future of Privacy Forum, and Daniel Goroff, Vice President and Program Director, Alfred P. Sloan Foundation authored a paper titled Privacy Protective Research: Facilitating Ethically Responsible Access to Administrative Data. This paper will be featured in an upcoming edition of The Annals of the American Academy of Political and Social Science.

Future of Privacy Forum is pleased to announce it has published the inaugural issue of the Privacy Scholarship Reporter. This regular newsletter will highlight recent privacy research and is published by the Privacy Research and Data Responsibility Network (RCN), an FPF initiative supported by the National Science Foundation.

Searching for effective methods and frameworks of de-identification often looks like chasing the Golden Goose of privacy law. For each answer that claims to unlock the question of anonymisation, there seems to be a counter-answer that declares anonymisation dead. In an attempt to de-mystify this race and un-tangle de-identification in practical ways, the Future of Privacy Forum and the Brussels Privacy Hub joined forces to organize the Brussels Symposium on De-identification – “Identifiability: Policy and Practical Solutions for Anonymisation and Pseudonymisation”.

Last week, FPF brought together a panel of technology, legal, regulatory, and business voices to discuss “The Law and Science of De-Identification” at the 10th annual Computers, Privacy, and Data Protection conference.

De-identification of personal information plays a central role in current privacy policy, law, and practice. Yet there are deep disagreements about the efficacy of de-identification to mitigate privacy risks. Some critics argue that it is impossible to eliminate privacy harms from publicly released data using de-identification because other available data sets will allow attackers to identify individuals through linkage attacks.

The Future of Privacy Forum filed comments with the Federal Communications Commission (FCC) in response to the FCC’s proposed rules regarding the privacy and data practices of Internet Services Providers (ISPs). The FCC’s March 31, 2016 Notice of Proposed Rulemaking (NPRM or Notice) seeks to regulate ISP’s data practices pursuant to Section 222 of the Communications Act – a sector-specific statute that includes detailed requirements that apply to telecommunications services, but does not apply to other services offered by broadband providers nor to online services operating at the edge of the network (e.g. web sites).

Despite a broad consensus around the need for and value of de-identification, one of the biggest challenges in the privacy profession remains how to determine when data is, or is not, de-identified. Join us for this in-depth discussion on how and when privacy professionals, industry groups, and regulators around the world have tackled this thorny question.

For more than a decade, scholars and policymakers have debated the central notion of identifiability in privacy law.