[aub3bhat]

The author is clearly mistaken. There are several things that are possible in the physical world yet illegal, e.g. forging signatures, breaking doors open, breaking into parked car, sending spam emails etc. Specifying reindentification as illegal is a great step since it let's legal machinery to do its job.

The reality of data privacy is that it's impossible to guarantee anonymity while keeping data useful.

Reindentification ban enshrine coherent guidelines into the law. It's a good step forward.

I am saying this as a researcher who has signed several agreements with US government agencies which had reindentification ban clause and penalty of felony offense if found violated.