Some interesting issues in privacy law

Anonymizing data doesn't really work very well. In many cases, it's actually fairly easy to recover a full data set from anonymized data. Despite this, lots of privacy laws treat anonymized data differently than the full data set. Here's how Paul Ohm summarized this in his paper "Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization," in the UCLA Law Review:

Modern privacy laws tend to act preventatively, squeezing down the flow of particular kinds of information in order to reduce predictable risks of harm. In order to squeeze but not cut off valuable transfers of information, legislators have long relied on robust anonymization to deliver the best-of-both-worlds: the benefits of information flow and strong assurances of privacy. The failure of anonymization has exposed this reliance as misguided, and has thrown carefully balanced statutes out of equilibrium.

At the very least, legislators must abandon the idea that we protect privacy when we identify and remove PII. The idea that we can single out fields of information that are more linkable to identity than others has lost its scientific basis and must be abandoned.

So it certainly looks like some lawyers understand how technology can dramatically reduce our privacy, but it also looks like the politicians who create privacy laws don't understand this as well as those lawyers do. If you're interested in this, Ohm's paper seems to be a good overview of the issues and how they're being handled today.
