by boron1006
2512 days ago
For context, this was when ISPs were planning on selling data, and someone was collecting donations saying they'd reidentify senators' internet history. I said that people shouldn't donate to them, because it wasn't even clear what the ISPs would release. Their point was it doesn't matter what the ISPs release, they could reidentify anyone with deep learning.

> And it's not intuitively obvious which combinations of values allow you to recover which other ones.

I think it's pretty intuitive that Zip Code and DOB are identifiers. That's why they count as such in HIPAA, and are used to demonstrate identity by governments, credit cards, etc.

Personally I think this stuff just poisons the well when it comes to discussions of privacy. I think the goal is to remove the expectation of anonymity by claiming that it's never possible.
|
It's great that you think that, but basically no company uses that definition. Most company privacy policies don't consider combinations of information when making this determination. E.g. your billing address might be personal information, but your zip code by itself might not. Similarly, IP address (with or without last octet), wifi SSID, location data, browsing history (or attributes derived from browsing history), and so on. Each individual piece of data isn't enough to personally identify you, so the privacy policy often doesn't have to be applied to it.
E.g. after reading the Google privacy policy[0], can you tell what protections your zip code and DOB have? Will Google treat them as personal information or personal identifiers or not?
0: https://policies.google.com/privacy?hl=en-US
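
Added example, not part of either comment above: a small audit that measures how identifying each attribute is alone versus in combination, which is the distinction the thread is arguing about. The records are constructed sample data, and the function names (`k_anonymity`, `unique_fraction`, `audit`) are chosen here for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample records (not real data).
RECORDS = [
    {"zip": "02138", "dob": "1961-07-31", "sex": "F"},
    {"zip": "02138", "dob": "1961-07-31", "sex": "M"},
    {"zip": "02138", "dob": "1975-02-14", "sex": "F"},
    {"zip": "02139", "dob": "1975-02-14", "sex": "F"},
    {"zip": "02139", "dob": "1961-07-31", "sex": "M"},
    {"zip": "02139", "dob": "1975-02-14", "sex": "M"},
]

def _groups(records, columns):
    """Count how many records share each combination of values."""
    return Counter(tuple(r[c] for c in columns) for r in records)

def k_anonymity(records, columns):
    """Size of the smallest group; k == 1 means someone is unique."""
    return min(_groups(records, columns).values())

def unique_fraction(records, columns):
    """Share of records that are the only one with their value combination."""
    singles = sum(1 for n in _groups(records, columns).values() if n == 1)
    return singles / len(records)

def audit(records):
    """Map every column combination to (k, fraction of unique records)."""
    cols = sorted(records[0])
    return {
        combo: (k_anonymity(records, combo), unique_fraction(records, combo))
        for size in range(1, len(cols) + 1)
        for combo in combinations(cols, size)
    }

if __name__ == "__main__":
    for combo, (k, frac) in audit(RECORDS).items():
        print(f"{'+'.join(combo):<12} k={k}  unique={frac:.0%}")
```

In this sample every single column leaves each person hidden among three records, while any pair already isolates some individuals and all three columns together isolate everyone.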