- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Not sure which news website I should be using for the link, sorry! I’m happy to change it if anyone has a better one.
Google agreed to destroy or de-identify billions of records of web browsing data collected when users were in its private browsing “Incognito mode,” according to a proposed class action settlement filed Monday.
The proposal is valued at $5 billion, according to Monday’s court filing, calculated by determining the value of data Google has stored and would be forced to destroy and the data it would be prevented from collecting. Google would need to address data collected in private browsing mode in December 2023 and earlier. Any data that is not outright deleted must be de-identified.
Hmm, it is nice to see an outcome from a lawsuit that is practical and not just a cost-of-doing-business fine.
But “de-identify” doesn’t inspire a lot of confidence… anonymized data can be de-anonymized pretty easily most of the time. Also have they kept accurate internal records on all the places pieces of that data have gone inside their various projects and systems? Who would be capable of verifying that it had all been deleted?
I’ve verified throughout our fox network that there are no foxes in any henhouses at the moment. They’ve been instructed to take steps to ensure that no foxes end up in any henhouses accidentally going forward and the foxes tell me that they are truly sorry this time. Despite past reassurances of not being evil, they were in fact…evil. We are rolling out an internal audit system with the help of a 3rd party partner who owes us lots of stuff. We plan on letting the advocacy groups check out our henhouses as long as they agree to be bound by an NDA.
I think in European law, for data to be anonymous, not only there should be no personal identifying information but also there should be no identifiers that allow to link non personal data together to trace the behavior of a single person. https://www.edps.europa.eu/system/files/2021-04/21-04-27_aepd-edps_anonymisation_en_5.pdf
When the data is aggragated there’s no true anonymization:
https://techcrunch.com/2019/07/24/researchers-spotlight-the-lie-of-anonymous-data
https://www.fastcompany.com/90278465/sorry-your-data-can-still-be-identified-even-its-anonymized
Do you mean not aggregated? Do you mean aggregating different kinds of data, or do you mean grouping together the same data for a category?
I mean that when lots of data is compiled, you can remove specific identifiers such as names, emails, IP addresses, phone numbers, etc (anonymization) but it’s been demonstrated that it’s relatively easy to re-identify specific individuals from “anonymized” data.
I think this means you still have some identifier that allows to link those data to a single person. This is quite explicitly not considered anonymization by the gdpr.