Making smartphone data anonymous no longer enough: study

In Europe and many other jurisdictions, companies are legally bound to make this data anonymous, often doing so by removing telltale details like names or phone numbers. — Photo by camilo jimenez on Unsplash

PARIS: Privacy measures that are meant to preserve the anonymity of smartphone users are no longer suitable for the digital age, a study suggested on Tuesday.

Vast quantities of data are scooped up from smartphone apps by firms looking to develop products, conduct research or target consumers with adverts.

In Europe and many other jurisdictions, companies are legally bound to make this data anonymous, often doing so by removing telltale details like names or phone numbers.

But the study in the Nature Communications journal says this is no longer enough to keep identities private.

The researchers say people can now be identified with just a few details of how they communicate with an app like WhatsApp.

One of the paper's authors, Yves-Alexandre de Montjoye of Imperial College London, told AFP it was time to "reinvent what anonymisation means".

'Rich' data

His team took anonymised data from more than 40,000 mobile phone users, most of which was information from messaging apps and other "interaction" data.

They then "attacked" the data searching for patterns in those interactions - a technique that could be employed by malicious actors.

With just the direct contacts of the person included in the dataset, they found they could identify the person 15% of the time.

When further interactions between those primary contacts were included, they could identify 52% of people.

"Our results provide evidence that disconnected and even re-pseudonymised interaction data remain identifiable even across long periods of time," wrote the researchers from the UK, Switzerland and Italy.

"These results strongly suggest that current practices may not satisfy the anonymisation standard set forth by (European regulators) in particular with regard to the linkability criteria."

De Montjoye stressed that the intention was not to criticise any individual company or legal regime.

Rather, he said the algorithm they were using just provided a more robust way of testing what we regard as anonymised data.

"This dataset is so rich that the traditional way we used to think about anonymisation... doesn't really work any more," he said.

"That doesn't mean we need to give up on anonymisation."

He said one promising new method was to heavily restrict access to large datasets to just simple question and answer interactions.

That would get rid of the need to classify a dataset as "anonymised" or not. – AFP

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 0
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

As they enter a 4th generation, are foldable phones finally mature?
This free tool lets you extract text from images
Google Stadia is dead, but its controllers live on
Twitter says users will be able to appeal account suspension
New smart-home standard for Android and Google devices has arrived
In NBA version of 'Pok�mon Go' you seek basketball pros, not monsters
U.S. SEC probes Elon Musk's role in Tesla self-driving claims - Bloomberg News
Twitter research group stall complicates compliance with new EU law
Top French university bans use of ChatGPT to prevent plagiarism
Man in SG admits to sexually exploiting minors, including two sisters he met on boy band fans’ chat group

Others Also Read