From a few seemingly mundane data points to thousands, from anonymous to identified. Our increasingly naive attitude toward data collection is allowing companies to get to know us in the most personal and intimate way.
In this digital world, companies possess a hoarder-like mentality when it comes to collecting and storing user data. Some enterprises even make it their sole business to collect and monetize online activity. This reality that we consumers have simply learned to accept is leading to dangerous outcomes for our privacy.
They know everything about you
It only takes a few pieces of information to identify a specific person. You may think that since you don’t share your name, address, or phone number, you’re safe. Unfortunately, you’re not.
Research shows that it only takes four anonymized data points out of a collected set to identify a specific person. For example, if you click on four ads, make four credit card purchases, or visit four different locations.
But your data doesn’t get collected here and there in such tiny batches. Companies have thousands of data points on you alone. And while that information may have become “anonymized” by deleting any uniquely identifiable details, with just a few of them, you can be re-identified, not just in that series but potentially across all data ever collected. Suddenly, someone can ascertain an astonishing amount about you.
Read more: TechCrunch, “Researchers spotlight the lie of ‘anonymous’ data”
The worldwide cookie dilemma
When the GDPR (Europe’s General Data Protection Regulation) came into effect in 2018, companies that wanted to collect user information that otherwise wasn’t strictly necessary for the website’s functionality were suddenly required to notify website visitors of the use of such cookies and gain their active consent.
Not all cookies are used in this way. Some are essential to technical functions (like logging in to a website or adding an item to a cart) and do not need your consent. Therefore, any website that asks for cookie consent is, by definition, collecting unnecessary data about its visitors. These days, that can seem like the entire World Wide Web, and many are all too quick to click “I agree” without giving second thought to the consequences.
Read more: The Guardian, “'Anonymised' data can never be totally anonymous, says study”
Returning to anonymity requires a change in mindset
It’s pretty clear that we have a digital-age problem. Knowing just a few uninteresting facts about someone immediately leads to knowing all there is to know. We haven’t even examined what happens when data sets (i.e. you) fall victim to a security hack.
Credit card purchases, browsing history, clicks, views all of our internet activity is impossible to keep anonymous. That’s why adopting a mindset of collecting and retaining as little data as possible is the only solution that works today.
Keeping unnecessary data should strictly be forbidden. If we continue down the current path, a society built on surveillance and control is just over the horizon.
- In a study published in Science, credit card metadata could be used to identify unique shoppers.
- Netflix users were identified from a database of nameless customer records in a study at the University of Texas at Austin.
- In a Harvard study, patients in an anonymized hospitalization data set were reidentified by name.
- Researchers are able to estimate the likelihood of re-identifying people in incomplete data sets, as published in Nature Communications.