ProtonBlog(new window)
An illustration of anonymized data.

The truth about anonymized data

Share this page

Many companies that handle personal information reassure their users by saying that all the data is “anonymized.” If you don’t know any better, that sounds reassuring.

However, the method most companies use to anonymize data and the size of modern databases make it easy for attackers to re-identify individuals. From medical records to cell phone data sets, it only takes about a dozen pieces of information to find the person behind each “anonymous” record.

Part of our mission at Proton is to make sure people understand the privacy risks of sharing data. Maintaining your data security means sharing your data only with trustworthy organizations that are clear about what data they collect and what they do with it. 

Everyone leaves a trace

By definition, truly anonymized data is stripped of all the elements that could possibly identify the correct individual. (In this article, we’ll refer to this individual as the “data subject,” borrowing the GDPR(new window) term.) The most popular mode of anonymization is to remove personally identifiable information from a database, such as your name, your birth date, your phone number, your home address, etc.

On the surface, this might seem like enough to protect your privacy. However, as you begin overlapping different types of data, you can start to identify people. Indeed, one data anonymization company, Aircloak, even acknowledges that true anonymization is extremely difficult(new window): “as is the case with IT security, no 100% guarantee can be given, and often there is the need for a risk assessment.”

Here’s an example of re-identification(new window) from the Journal of Technology Science that can give you an idea of how this might work. In it, an “anonymous” medical record can be cross-referenced with another source of information (in this case a newspaper brief about a motorcycle crash) to identify the patient’s name.

It only takes 15 data points to make 99.98% of people identifiable in a database of 7 million people, according to one paper published in Nature(new window).

Fifteen data attributes may seem like a lot, but it’s not. The report references the Experian data breach(new window), which leaked an “anonymized” database containing 248 data points on 120 million Americans. Major political campaigns also keep massive databases(new window) (and distribute them to their allies) which include hundreds of data points on their data subjects.

If a database has fewer people in it, it becomes substantially easier to re-identify individuals. This investigation(new window) needed only four data points. There are dozens(new window) of other(new window) examples(new window).

Why this matters

Re-identifying data contained in a supposedly anonymized database is not just a neat statistical trick for academics. It has real-world consequences. Anonymized data is treated differently because it is supposed to protect the privacy of its data subjects.

In the US, anonymized medical records can be sold(new window) to pharmaceutical companies. A similar practice is allowed(new window) in the UK. 

Some countries do a better job of requiring effective anonymization. The European Union’s GDPR covers this in Recital 26(new window), which says that data must truly be anonymous to be exempt from the regulation’s data protection rules. And there are methods of anonymization, such as data generalization or perturbation(new window), that are more effective.

However, this issue touches on more than just the technical difficulties presented by anonymization. It also raises the misleading promises companies make when they talk about how they treat your data.

Data analysis can provide numerous benefits to citizens, organizations, and governments, and it is legitimate to collect and analyze data for specific purposes. The distributed privacy-preserving contact tracing(new window) project is one example of how data collection could be used to trace COVID-19 infections while protecting individuals’ privacy.

However, data collection must always be made clear to the data subject, and people should always have a choice. Many companies present vague or hard-to-decipher privacy policies(new window) that make it almost impossible for data subjects to know what data is being collected and who it is being shared with. These companies treat anonymization as a way to sell data while still meeting the minimum requirement for data security.

However, if malicious actors can re-identify you from anonymized data, it raises ethical questions about such a business model. As a user, it means you should evaluate the companies you share data with even more closely. And companies, at the very least, should notify their users of the risk of re-identification before they share their data. If not, it is impossible for users to give their informed consent. 

The Proton solution

When it comes to data protection, the best approach is to collect as little as necessary to securely deliver service to users. At Proton Mail, we work hard to limit the amount of information we collect, as we make clear in our privacy policy(new window).

We use technical safeguards, such as end-to-end encryption(new window) and zero-access encryption(new window), to ensure that you have control over who has access to your messages. We protect our users’ privacy by limiting the amount of data we require(new window) to set up an account and by offering anonymous payment options(new window).

We’ve also removed financial incentives to access users’ data. Proton is funded through a subscription-based, ad-free business model(new window). This allows us to focus on our main mission: to increase freedom and privacy online. If we fail to protect your data, we will lose users, which means our interests are aligned with the community’s.

As a tech company made up of physicists and engineers, we recognize the value of data. However, where other companies see your data as a resource to be exploited, we see something personal that belongs to you and deserves safekeeping.

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support.

Feel free to share your feedback and questions with us via our official social media channels on Twitter(new window) and Reddit(new window).

Protect your privacy with Proton
Create a free account

Share this page

Richie Koch(new window)

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

Related articles

What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m
In the early days when Proton started, we often received a question along the lines of “I love the product and what Proton stands for, but how do I know you will still be around to protect my data 10 years from now?”  Ten years and 100 million accou
Credential stuffing is a popular type of cyberattack where attackers take login credentials and use them on thousands of websites, hoping to fraudulently gain access to people’s accounts. It’s an effective attack, but fortunately, one that’s easy to
With Skiff abruptly shutting down operations, many people are on the lookout for alternatives that don’t compromise on privacy — and won’t suddenly disappear. People were attracted to Skiff because it promised privacy, no ads, end-to-end encryption,
Skiff is dead. On Feb. 9, the email company Skiff announced it was being bought by Notion. Many Skiff customers have been shocked by this news, as their inboxes have been sold out from under them. Skiff gave people six months to export their data be
Looking into the Dropbox privacy policy
Dropbox was the first mainstream cloud storage provider, and still the biggest player on the market, with 700 million users in 2022. We took a dive into Dropbox’s privacy policy to see how well the company protects the personal data of those millions