- Thierry Spanjaard
Anonymity is a requirement for privacy, enforced by GDPR, and a necessity whenever data analysis is conducted. We all want to make sure that our data are kept anonymous whenever they are used for data mining, for statistics or for any other purpose. At the same time, many services are collecting an increasing amount of data, creating potential threats to our privacy.
We all know that our purchase patterns are analyzed thanks to registering for loyalty programs, or even retailers linking purchases with credit card numbers. But this may lead to some awkward cases: a few years ago, Target, a major US-based retailer, had found that pregnant women were purchasing more unscented lotion or supplements like calcium, magnesium and zinc. Thanks to data mining, Target started to send coupons for baby items to customers according to their pregnancy scores. When a father of a minor girl saw those coupons in his daughter's email, he got extremely angry! Data mining has led Target to reveal the daughter's pregnancy to the father before she wanted!
The debate is even more significant when one deals with healthcare related data. We are all ready to encourage research on cross factors that may lead to cancer development or on genetic factors that made some people more exposed to Covid-19, but it becomes a shock when these data are made public and the names and address of people suffering from a given disease are published.
The issue arises when a combination of data including demographics, such as age group, gender, and a residence area can lead to identifying a small sub group or even one individual. In 2010, census data in the US, although declared anonymized, allowed researchers to massively re-identify individuals, in particular transgender teenagers, according to The Conversation.
Geolocation can also be a giveaway! Four geolocation points collected at four different times in a day allow to identify a person with a 95% success rate in a data set including 1.5 million people, according to research completed by Yves-Alexandre De Montjoye.
Combining anonymity with ID age verification is an interesting topic! This is where the expertise of our industry comes into play. The principle set up by the European authorities as well as by the GAFAM general conditions is that social networks are reserved to those over the age of 15. The DSA - Digital Services Act – includes provisions for the protection of minors. Now, the European Parliament has adopted a new bill requiring social media to follow the same safety rules as pornography sites to prevent young users below 15 years old from creating accounts. Consequently, social media users professing to be 15 years or older would have to download a mobile government-approved digital certification to prove their eligibility to access these sites, according to Identity Week.
The secure transactions industry, thanks to its expertise in portable connected objects and cryptography has a role to play is answering these issues with the right technology solutions. We can at the same time provide strong authentication when required and anonymity when necessary.