Making smartphone data anonymous no longer enough: study

In Europe and many other jurisdictions, companies are legally bound to make this data anonymous, often doing so by removing telltale details like names or phone numbers. — Photo by camilo jimenez on Unsplash

PARIS: Privacy measures that are meant to preserve the anonymity of smartphone users are no longer suitable for the digital age, a study suggested on Tuesday.

Vast quantities of data are scooped up from smartphone apps by firms looking to develop products, conduct research or target consumers with adverts.

In Europe and many other jurisdictions, companies are legally bound to make this data anonymous, often doing so by removing telltale details like names or phone numbers.

But the study in the Nature Communications journal says this is no longer enough to keep identities private.

The researchers say people can now be identified with just a few details of how they communicate with an app like WhatsApp.

One of the paper's authors, Yves-Alexandre de Montjoye of Imperial College London, told AFP it was time to "reinvent what anonymisation means".

'Rich' data

His team took anonymised data from more than 40,000 mobile phone users, most of which was information from messaging apps and other "interaction" data.

They then "attacked" the data searching for patterns in those interactions - a technique that could be employed by malicious actors.

With just the direct contacts of the person included in the dataset, they found they could identify the person 15% of the time.

When further interactions between those primary contacts were included, they could identify 52% of people.

"Our results provide evidence that disconnected and even re-pseudonymised interaction data remain identifiable even across long periods of time," wrote the researchers from the UK, Switzerland and Italy.

"These results strongly suggest that current practices may not satisfy the anonymisation standard set forth by (European regulators) in particular with regard to the linkability criteria."

De Montjoye stressed that the intention was not to criticise any individual company or legal regime.

Rather, he said the algorithm they were using just provided a more robust way of testing what we regard as anonymised data.

"This dataset is so rich that the traditional way we used to think about anonymisation... doesn't really work any more," he said.

"That doesn't mean we need to give up on anonymisation."

He said one promising new method was to heavily restrict access to large datasets to just simple question and answer interactions.

That would get rid of the need to classify a dataset as "anonymised" or not. – AFP

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Next In Tech News

Opinion: More parental controls don't solve social media woes
WEF 2022: YouTube CEO discusses Russia, recession and misinformation
U.S. agency asks Tesla for information on Canadian fire incident
Tesla submits application to expand German plant - rbb
Big tech ad revenue growth to taper as pandemic bubble pops -analyst
Meta working on Instagram access issues reported by users
CD Projekt's first-quarter profit more than doubles
Student in SG, 16, made to fake kidnapping for ransom in China officials’ scam
Musk sued by Twitter investors for stock 'manipulation' during takeover bid
Get your crypto house in order, old guard tells Davos debutantes

Others Also Read