We asked 11 different experts that are journalists, researchers, data protection officers, consultants and data scientists about their thoughts on how Privacy Enhancing Technologies (PETs) and data anonymization can help in a data-driven future.
See what they had to say below.
Wolfie Christl Privacy Researcher |
“Companies very often use the word anonymization when really nothing is anonymized at all. […] These are very often pseudonymized data. […] I think it basically makes sense to use anonymization methods and then try to use [that] data more extensively. If this works, I would even say that in many cases we need more access to such evaluations for society as a whole, especially for the common good.”
Follow Wolfie Christl on LinkedIn and Twitter.
Oliver Schonschek IT Journalist |
“Many companies believe that data protection will make Big Data less important to them because the analysis will no longer be as accurate and meaningful when it is applied to data assets. Anonymization seems to reduce the opportunities and benefits of profiling and big data analytics for many companies. But apart from the fact that this is not actually the case, the general data protection regulation has other consequences for Big Data: the collection of data becomes more targeted, storage costs are re-evaluated and data quality in storage increases. Thanks to GDPR, Big Data becomes leaner, more affordable (not necessarily cheaper) and more secure.”
Follow Oliver Schonschek on LinkedIn and Twitter.
Dr Fabian Prasser Medical Data Privacy Researcher, TUM Developer of ARX Anonymization Tool |
“Medical data of patients and study participants are particularly sensitive and must be well protected. At the same time, big data analyses and methods of machine learning have become indispensable in modern biomedical research. In addition to informed consent, organisational and technical measures, in particular Privacy Enhancing Technologies (PETs), play an important role in this context.”
Follow Fabian Prasser on LinkedIn and Twitter.
Félicien Vallet Privacy Technologist, CNIL |
“The increase in complexity and opacity of our information systems makes it very important that we further continue the research in Privacy Enhancing Technologies. They are essential tools to comply with GDPR requirements, and their development is perfectly in phase with the spirit of this legislation.”
Follow Félicien Vallet on LinkedIn and Twitter.
Dr Helena Mihaljević Professor (Data Science / Analytics) at HTW Berlin |
“Technologies that secure the privacy of individuals in data are essential for companies to collaborate, in particular in the public sector. Urban planning projects or changes in the field of mobility require a better understanding of diverse actors in the city, and cooperation is only conceivable with the help of privacy enhancing technologies.”
Follow Helena Miheljevic on LinkedIn and Twitter.
Björn Bloching, Lars Luck, Thomas Ramge Authors of the book “Data Unser” |
“In our projects we often see that the additional work involved in handling personalized data is not worthwhile. Sales growth through analysis of anonymized customer data can work just as well.”
More about Data Unser: Wie Kundendaten die Wirtschaft revolutionieren.
Ilya Vasilenko Global Risk, Compliance & Data Protection Officer, Teralytics |
“In the area of data protection, anonymization plays an important role. Anonymized data are not subject to data protection laws, and thus there is a natural temptation to anonymize. Data Protection Authorities do not physically have the capacity to validate all anonymization activities the companies are carrying out. Thus, it remains to a big extent with companies to assess the quality of their anonymization process. An additional issue is the lack of comprehensive official guidance. E.g. the official guidance on anonymization (Opinion 05/2014 on Anonymization Techniques) doesn’t make a distinction between anonymization of individual-level data and anonymization of aggregated data. The principles of linkability, inference, and singling-out, K-anonymity and other principles, as defined in this Opinion, are not applicable when anonymizing individual-level data (e.g. telecom/GPS traces, purchasing history, health history). To mitigate both issues, it is important that the legislators intensify the collaboration with stakeholders from the industry and the experts from the scientific community, bringing all three parties at the same table to (a) make use of the decades of the existing research (b) validate the concepts regarding practicability of their application.”
Follow Ilya Vasilenko on LinkedIn and Twitter.
Simone Kaiser Deputy Director Center for Responsible Research and Innovation, Fraunhofer IAO |
“It is the trust that is placed in data security that will become a key competitive factor. When it comes to AI, companies will not only need ever increasing amounts of data, but also data of a higher quality, irrespective of whether they are in the B2B sector or the consumer sector. This is applicable to supply chains and in a production context, for example. Companies which can guarantee anonymization of data from third parties and the use of a secure cloud for storage will be at an advantage.”
Follow Simone Kaiser on LinkedIn and Twitter.
Paul Francis Scientific Director, Max Planck Insitute for Software Systems, Aircloak Co-Founder |
“The GDPR offers a kind of “get out of jail free” card for anonymization in that anonymized data is not subject to GDPR. But determining whether data is anonymous or not is hard: ten different experts would probably give you ten different opinions on how to do this. So there is a lot of uncertainty at the moment. I’m hoping that initiatives like the General Data Anonymization Score and Aircloak’s anonymization bounty program can lead towards a better understanding of anonymity.”
Follow Paul Francis on LinkedIn and Twitter.
Lisa Martin Data Strategy, idalab GmbH |
“The universe of Privacy Enhancing Technologies (PET) is messy and vague, as terms and concepts are often used interchangeably. The general lack of structure in this sphere makes it frustratingly difficult for non-experts to understand. There are three key points for someone to take away who is considering implementing PETs. First, the right approach is highly use case dependent. Second, the right approach may consist of technological solutions, methodological solutions or both. Third, this approach may not be perfect, but it is crucial to tackle data privacy head on and work with what is possible now. Don’t become paralyzed in the face of complex privacy challenges!”
Follow Lisa Martin on LinkedIn and read more about her analysis of PETs in “How to unlock valuable personal data for analysis: shedding light on the byzantine world of privacy-enhancing technology”.
Florian Glatzner Privacy Consultant, Verbraucherzentrale Bundesverband |
“Anonymization is a key technology for carrying out data analysis without interfering with the fundamental rights of the people whose data is collected. One problem, however, is that many of the techniques sold today as anonymization are merely pseudonymization. Also, anonymization cannot be regarded as a one-off procedure, but must be understood as a dynamic process that has to be re-evaluated time and again. For this reason, I consider it important to intensify research into appropriate methods which, on the one hand, ensure a high quality of analysis, but, on the other hand, guarantee a high standard of data protection. Germany and Europe could play a pioneering role here with innovative products.”
Follow Florian Glatzner on Twitter.
As you can see, all these experts agree that anonymization will play an increasingly important role in business. However, the lack of clear guidance on this could cause issues. Projects such as the Open General Data Anonymity Score can help Data Protection Authorities and companies gain a better overview of the effectiveness of anonymization solutions.
In any case, we are looking forward to the further developments of Privacy Enhancing Technologies, both in terms of research and the practical application.
We will keep you posted!
Categorised in: Anonymization, GDPR, General, Privacy
Anonymization CNIL Compliance GDPR Privacy