One key method for ensuring privacy while processing large amounts of data is de-identification. De-identified data refers to data through which a link to a particular individual cannot be established. This often involves “scrubbing” the identifiable elements of personal data, making it “safe” in privacy terms while attempting to retain its commercial and scientific value.
In the era of big data, the debate over the definition of personal information, de-identification and re-identification has never been more important. Privacy regimes often rely on data being considered Personal in order to require the application of privacy rights and protections. Data that is anonymous is considered free of privacy risk and available for public use.
Yet much data that is collected and used exists somewhere on a spectrum between these stages. FPF’s De-ID Project has examined practical frameworks for applying privacy restrictions to data based on the nature of data that is collected, the risks of de-identification, and the additional legal and administrative protections that may be applied.
Privacy Protective Research: Facilitating Ethically Responsible Access to Administrative Data
Jules Polonetsky, CEO, Future of Privacy Forum, Omer Tene, Senior Fellow, Future of Privacy Forum, and Daniel Goroff, Vice President and Program Director, Alfred P. Sloan Foundation authored a paper titled Privacy Protective Research: Facilitating Ethically Responsible Access to Administrative Data. This paper will be featured in an upcoming edition of The Annals of the American Academy of Political and Social Science.
Announcing the Inaugural Issue of Future of Privacy Forum's Privacy Scholarship Reporter
Future of Privacy Forum is pleased to announce it has published the inaugural issue of the Privacy Scholarship Reporter. This regular newsletter will highlight recent privacy research and is published by the Privacy Research and Data Responsibility Network (RCN), an FPF initiative supported by the National Science Foundation.
Chasing the Golden Goose: What is the path to effective anonymisation?
Searching for effective methods and frameworks of de-identification often looks like chasing the Golden Goose of privacy law. For each answer that claims to unlock the question of anonymisation, there seems to be a counter-answer that declares anonymisation dead. In an attempt to de-mystify this race and un-tangle de-identification in practical ways, the Future of Privacy Forum and the Brussels Privacy Hub joined forces to organize the Brussels Symposium on De-identification – “Identifiability: Policy and Practical Solutions for Anonymisation and Pseudonymisation”.
FPF in Brussels: The Law and Science of De-Identification
Last week, FPF brought together a panel of technology, legal, regulatory, and business voices to discuss “The Law and Science of De-Identification” at the 10th annual Computers, Privacy, and Data Protection conference.
Advancing Knowledge Regarding Practical Solutions for De-Identification of Personal Data: A Call for Papers
De-identification of personal information plays a central role in current privacy policy, law, and practice. Yet there are deep disagreements about the efficacy of de-identification to mitigate privacy risks. Some critics argue that it is impossible to eliminate privacy harms from publicly released data using de-identification because other available data sets will allow attackers to identify individuals through linkage attacks.
Protecting the Privacy of Customers of Broadband and Other Telecommunications Services
The Future of Privacy Forum filed comments with the Federal Communications Commission (FCC) in response to the FCC’s proposed rules regarding the privacy and data practices of Internet Services Providers (ISPs). The FCC’s March 31, 2016 Notice of Proposed Rulemaking (NPRM or Notice) seeks to regulate ISP’s data practices pursuant to Section 222 of the Communications Act – a sector-specific statute that includes detailed requirements that apply to telecommunications services, but does not apply to other services offered by broadband providers nor to online services operating at the edge of the network (e.g. web sites).
June 22nd Webinar: PII Cookies and De-Identification – Accounting for Shades of Grey
Despite a broad consensus around the need for and value of de-identification, one of the biggest challenges in the privacy profession remains how to determine when data is, or is not, de-identified. Join us for this in-depth discussion on how and when privacy professionals, industry groups, and regulators around the world have tackled this thorny question.
A Visual Guide to Practical Data De-Identification
For more than a decade, scholars and policymakers have debated the central notion of identifiability in privacy law.
De-Identification: Practice and Policy, April 13 in San Francisco
The Future of Privacy Forum, EY, and Privacy Analytics are hosting an event to share and advance practices and policies around de-identification. This all day forum will include panel discussions on topics such as emerging policy questions, de-identification case studies, implementation and best practices, and the role of controls. We encourage audience participation and knowledge sharing. Wednesday, April 13, […]
FPF Welcomes New Senior Fellow – Ira Rubinstein
FPF is proud to welcome its newest Senior Fellow, Ira Rubinstein. Ira will be working with FPF staff, fellows and members on a number of cross-Atlantic privacy issues and will be collaborating with EU academics and institutions on projects focused on de-identification, ethics, big data, and other issues. Ira Rubinstein is a Senior Fellow at […]