- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Not sure which news website I should be using for the link, sorry! I’m happy to change it if anyone has a better one.
Google agreed to destroy or de-identify billions of records of web browsing data collected when users were in its private browsing “Incognito mode,” according to a proposed class action settlement filed Monday.
The proposal is valued at $5 billion, according to Monday’s court filing, calculated by determining the value of data Google has stored and would be forced to destroy and the data it would be prevented from collecting. Google would need to address data collected in private browsing mode in December 2023 and earlier. Any data that is not outright deleted must be de-identified.
I think in European law, for data to be anonymous, not only there should be no personal identifying information but also there should be no identifiers that allow to link non personal data together to trace the behavior of a single person. https://www.edps.europa.eu/system/files/2021-04/21-04-27_aepd-edps_anonymisation_en_5.pdf
When the data is aggragated there’s no true anonymization:
https://techcrunch.com/2019/07/24/researchers-spotlight-the-lie-of-anonymous-data
https://www.fastcompany.com/90278465/sorry-your-data-can-still-be-identified-even-its-anonymized
Do you mean not aggregated? Do you mean aggregating different kinds of data, or do you mean grouping together the same data for a category?
I mean that when lots of data is compiled, you can remove specific identifiers such as names, emails, IP addresses, phone numbers, etc (anonymization) but it’s been demonstrated that it’s relatively easy to re-identify specific individuals from “anonymized” data.
I think this means you still have some identifier that allows to link those data to a single person. This is quite explicitly not considered anonymization by the gdpr.