Anonymity: A Comparison Between the Legal and Computer Science Perspectives

European Data Protection: Coming of Age

Abstract

Privacy preservation has emerged as a major challenge in ICT. One possible solution for enforcing privacy is to guarantee anonymity. Indeed, according to international regulations, no restriction is applied to the handling of anonymous data. Consequently, in the past years the notion of anonymity has been extensively studied by two different communities: law researchers and professionals who propose definitions of privacy regulations, and computer scientists attempting to provide technical solutions for enforcing the legal requirements.

In this contribution we address the problem with an interdisciplinary approach, with the aim of encouraging reciprocal understanding and collaboration between researchers in the two areas. To achieve this, we compare the different notions of anonymity provided in European data protection law with the formal models proposed in computer science. This analysis allows us to identify the main similarities and differences between the two points of view, hence highlighting the need for a joint research effort.


Notes

  1. Paul Ohm, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization,” UCLA Law Review, Vol. 57, p. 1701, 2010 (2009).

  2. Jane Yakowitz, “Tragedy of the Data Commons,” Harvard Journal of Law and Technology, Vol. 25, 1, 2011 (2011).

  3. Paul M. Schwartz and Daniel J. Solove, “The PII Problem: Privacy and a New Concept of Personally Identifiable Information,” New York University Law Review, Vol. 86, 2011 (2011).

  4. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, 31–50.

  5. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201, 31.7.2002, 37–47.

  6. Giusella Finocchiaro and Claire Vishik, “Law and Technology: Anonymity and Right to Anonymity in a Connected World,” in Movement-Aware Applications for Sustainable Mobility: Technologies and Approaches, ed. Monica Wachowicz (IGI Global, 2010), 140–156.

  7. Giusella Finocchiaro, “Anonymity and the law in Italy,” in Lessons from the identity trail, ed. Ian Kerr, Valerie M. Steeves and Carole Lucock (Oxford University Press, 2009), 523–536.

  8. Directive 95/46/EC, Art. 2.

  9. Opinion 4/2007 of Article 29 Data Protection Working Party on the concept of personal data, WP 136, 20.06.2007.

  10. Working Party document on data protection issues related to RFID technology, WP 105, 19/01/2005, Art. 8.

  11. The Recitals are the opening statements that introduce the main provisions of the European Directives and present the reasons for their adoption.

  12. Italian Personal Protection Code, Legislative Decree no. 196, 30/06/2003, art. 4, co. 1, lett. n).

  13. A recent decision of the Italian Supreme Court (no. 19365, 22/09/2011) has stated the following principle: data about the health of a child is “sensitive data” (according to the definition of Legislative Decree no. 196/2003, art. 4, co. 1, lett. d) of the child’s parents; therefore, unlawful processing of this information allows the parents to act for the protection of a right of their own.

  14. Recommendation No. R (97) 5 of the Committee of Ministers to Member States on the protection of medical data, 13/02/1997.

  15. Recommendation No. R (97) 18 of the Committee of Ministers to Member States on the protection of personal data collected and processed for statistical purposes, 30/09/1997.

  16. Opinion 4/2007, Art. 12.

  17. Rakesh Agrawal and Ramakrishnan Srikant, “Privacy-preserving data mining,” in Proceedings of the 2000 ACM SIGMOD international conference on Management of data (New York, NY, USA: ACM, 2000), 439–450.

  18. Cynthia Dwork, “Differential Privacy,” in Automata, Languages and Programming, 4052:1–12, Springer Berlin/Heidelberg, 2006.

  19. Anna Monreale, Dino Pedreschi, and Ruggero G. Pensa, “Anonymity technologies for privacy-preserving data publishing and mining,” in Privacy-Aware Knowledge Discovery: Novel Applications and New Techniques, ed. F. Bonchi, E. Ferrari, Chapman & Hall/CRC Data Mining and Knowledge Discovery Series, 2010.

  20. Here, the term “trust” is not used in its proper legal sense but according to its intuitive meaning of “confidence”. In this case, it means that the data subject is confident that the data collector will manage his/her data according to the current regulations or to other agreements between the two parties.

  21. Tiancheng Li and Ninghui Li, “On the tradeoff between privacy and utility in data publishing,” in Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining (New York, NY, USA: ACM, 2009), 517–526.

  22. Valentina Ciriani et al., “Microdata Protection,” in Secure Data Management in Decentralized Systems, Springer US, 2007, 33:291–321.

  23. Pierangela Samarati and Latanya Sweeney, “Generalizing data to provide anonymity when disclosing information (abstract),” in Proceedings of the seventeenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, PODS ’98 (New York, NY, USA: ACM, 1998).

  24. William E. Winkler, The state of record linkage and current research problems (Statistical Research Division, U.S. Bureau of the Census, 1999), Washington, DC.

  25. Id. at 17 (“Generalizing data to provide anonymity when disclosing information (abstract)”).

  26. Benjamin C. M. Fung, Ke Wang, and Philip S. Yu, “Anonymizing Classification Data for Privacy Preservation,” IEEE Trans. on Knowl. and Data Eng. 19, no. 5 (May 2007): 711–725.

  27. Ashwin Machanavajjhala et al., “l-diversity: Privacy beyond k-anonymity,” ACM Trans. Knowl. Discov. Data 1, no. 1 (March 2007): 24.

  28. Id. at 21 (“l-diversity: privacy beyond k-anonymity”).

  29. Id.

  30. Xiaokui Xiao and Yufei Tao, “Personalized privacy preservation,” in Proceedings of the 2006 ACM SIGMOD international conference on Management of data, SIGMOD ’06 (New York, NY, USA: ACM, 2006), 229–240.

  31. Ninghui Li, Tiancheng Li, and S. Venkatasubramanian, “t-closeness: Privacy Beyond k-Anonymity and l-Diversity,” in Data Engineering, 2007. ICDE 2007. IEEE 23rd International Conference on (Istanbul, Turkey: IEEE Computer Society, 2007), 106–115.

  32. Marco Gruteser and Dirk Grunwald, “Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking,” in Proceedings of the 1st international conference on Mobile systems, applications and services, MobiSys ’03 (New York, NY, USA: ACM, 2003), 31–42.

  33. Sergio Mascetti et al., “k-Anonymity in Databases with Timestamped Data,” in Proceedings of the Thirteenth International Symposium on Temporal Representation and Reasoning (Washington, DC, USA: IEEE Computer Society, 2006), 177–186.

  34. Id. at 29 (“Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking”).

  35. Mohamed F. Mokbel, Chi-Yin Chow, and Walid G. Aref, “The new Casper: query processing for location services without compromising privacy,” in Proceedings of the 32nd international conference on Very large data bases, VLDB ’06 (Seoul, Korea: VLDB Endowment, 2006), 763–774.

  36. Panos Kalnis et al., “Preventing Location-Based Identity Inference in Anonymous Spatial Queries,” IEEE Trans. on Knowl. and Data Eng. 19, no. 12 (December 2007): 1719–1733.

  37. Sergio Mascetti et al., “Spatial generalisation algorithms for LBS privacy preservation,” J. Locat. Based Serv. 1, no. 3 (September 2007): 179–207.

  38. Claudio Bettini et al., “Anonymity in Location-Based Services: Towards a General Framework,” in Proceedings of the 2007 International Conference on Mobile Data Management (Washington, DC, USA: IEEE Computer Society, 2007), 69–76.

  39. Manolis Terrovitis and Nikos Mamoulis, “Privacy Preservation in the Publication of Trajectories,” in Proceedings of the Ninth International Conference on Mobile Data Management (Washington, DC, USA: IEEE Computer Society, 2008), 65–72.

  40. Id. at 29 (“Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking”).

  41. Id. at 35 (“Anonymity in Location-Based Services: Towards a General Framework”).

  42. Id. at 36 (“Privacy Preservation in the Publication of Trajectories”).

  43. Id. at 29 (“Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking”).

  44. Id. at 32 (“The new Casper: query processing for location services without compromising privacy”).

  45. Id. at 35.

  46. Id. at 36.

  47. Claudio Bettini, “Privacy and anonymity in Location Data Management,” in Privacy-Aware Knowledge Discovery: Novel Applications and New Techniques, ed. F. Bonchi, E. Ferrari, Chapman & Hall/CRC Data Mining and Knowledge Discovery Series, 2010.

  48. Daniele Riboni et al., “Preserving Anonymity of Recurrent Location-Based Queries,” in Proceedings of the 2009 16th International Symposium on Temporal Representation and Reasoning, TIME ’09 (Washington, DC, USA: IEEE Computer Society, 2009), 62–69.

  49. Id. at 17 (“Generalizing data to provide anonymity when disclosing information (abstract)”).

  50. Id. at 29 (“Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking”).

  51. It is worthwhile to note that some papers that have recently appeared in the computer science literature do not distinguish between quasi-identifiers and personal information. Among others: Arvind Narayanan and Vitaly Shmatikov, “Robust De-anonymization of Large Sparse Datasets,” IEEE Symposium on Security and Privacy, 0 (2008): 111–125.

  52. Id. at 20 (“Anonymizing Classification Data for Privacy Preservation”).

  53. Id. at 13 (“Recommendation No. R (97) 5 on the protection of medical data”).

  54. David Chaum, “Showing credentials without identification transferring signatures between unconditionally unlinkable pseudonyms,” in Advances in Cryptology – AUSCRYPT ’90, 453:245–264, Springer Berlin/Heidelberg, 1990.

  55. This problem can also be framed within the discussion on the notion of “accountability”.

References

  • Agrawal, Rakesh, and Ramakrishnan Srikant. 2000. Privacy-preserving data mining. In Proceedings of the 2000 ACM SIGMOD international conference on management of data, 439–450. New York: ACM.

  • Bettini, Claudio. 2010. Privacy and anonymity in location data management. In Privacy-aware knowledge discovery: Novel applications and new techniques, ed. F. Bonchi and E. Ferrari. Boca Raton: Chapman & Hall/CRC Data Mining and Knowledge Discovery Series.

  • Bettini, Claudio, Sergio Mascetti, X. Sean Wang, and Sushil Jajodia. 2007. Anonymity in location-based services: Towards a general framework. In Proceedings of the 2007 international conference on mobile data management, 69–76. Washington, DC: IEEE Computer Society.

  • Chaum, David. 1990. Showing credentials without identification transferring signatures between unconditionally unlinkable pseudonyms. In Advances in Cryptology – AUSCRYPT ’90, ed. J. Seberry and J. Pieprzyk, 453:245–264. Berlin/Heidelberg: Springer.

  • Ciriani, Valentina, Sabrina di Vimercati, Sara Foresti, and Pierangela Samarati. 2007. Microdata protection. In Secure data management in decentralized systems, vol. 33, ed. Yu Ting and Sushil Jajodia, 291–321. New York: Springer.

  • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, 31–50.

  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201, 31.7.2002, 37–47.

  • Dwork, Cynthia. 2006. Differential privacy. In Automata, languages and programming, 4052:1–12, ed. Michele Bugliesi, Bart Preneel, Vladimiro Sassone, and Ingo Wegener. Berlin/Heidelberg: Springer.

  • Finocchiaro, Giusella. 2009. Anonymity and the law in Italy. In Lessons from the identity trail, ed. Ian Kerr, Valerie M. Steeves, and Carole Lucock, 523–536. Oxford: Oxford University Press.

  • Finocchiaro, Giusella, and Claire Vishik. 2010. Law and technology: Anonymity and right to anonymity in a connected world. In Movement-aware applications for sustainable mobility: Technologies and approaches, ed. Monica Wachowicz, 140–156. Hershey: IGI Global.

  • Fung, Benjamin C.M., Ke Wang, and Philip S. Yu. May 2007. Anonymizing classification data for privacy preservation. IEEE Transactions on Knowledge and Data Engineering 19(5): 711–725.

  • Gruteser, Marco, and Dirk Grunwald. 2003. Anonymous usage of location-based services through spatial and temporal cloaking. In Proceedings of the 1st international conference on mobile systems, applications and services, 31–42. MobiSys ’03. New York: ACM.

  • Italian Personal Protection Code, Legislative Decree no. 196, 30/06/2003, art. 4, co. 1, lett. n.

  • Kalnis, Panos, Gabriel Ghinita, Kyriakos Mouratidis, and Dimitris Papadias. December 2007. Preventing location-based identity inference in anonymous spatial queries. IEEE Transactions on Knowledge and Data Engineering 19(12): 1719–1733.

  • Li, Tiancheng, and Ninghui Li. 2009. On the tradeoff between privacy and utility in data publishing. In Proceedings of the 15th ACM SIGKDD international conference on knowledge discovery and data mining, 517–526. New York: ACM.

  • Li, Ninghui, Tiancheng Li, and S. Venkatasubramanian. 2007. t-closeness: Privacy beyond k-anonymity and l-diversity. In IEEE 23rd international conference on data engineering, 2007 (ICDE 2007), 106–115. Istanbul, Turkey: IEEE Computer Society.

  • Machanavajjhala, Ashwin, Daniel Kifer, Johannes Gehrke, and Muthuramakrishnan Venkitasubramaniam. March 2007. l-diversity: Privacy beyond k-anonymity. ACM Transactions on Knowledge Discovery from Data 1(1): 24.

  • Mascetti, Sergio, Claudio Bettini, X. Sean Wang, and Sushil Jajodia. 2006. k-anonymity in databases with timestamped data. In Proceedings of the thirteenth international symposium on temporal representation and reasoning, 177–186. Washington, DC: IEEE Computer Society.

  • Mascetti, Sergio, Claudio Bettini, Dario Freni, and X. Sean Wang. September 2007. Spatial generalisation algorithms for LBS privacy preservation. Journal of Location Based Services 1(3): 179–207.

  • Mokbel, Mohamed F., Chi-Yin Chow, and Walid G. Aref. 2006. The new Casper: Query processing for location services without compromising privacy. In Proceedings of the 32nd international conference on very large data bases, 763–774. VLDB ’06. Seoul, Korea: VLDB Endowment.

  • Monreale, Anna, Dino Pedreschi, and Ruggero G. Pensa. 2010. Anonymity technologies for privacy-preserving data publishing and mining. In Privacy-aware knowledge discovery: Novel applications and new techniques, ed. F. Bonchi and E. Ferrari. Boca Raton: Chapman & Hall/CRC Data Mining and Knowledge Discovery Series.

  • Narayanan, Arvind, and Vitaly Shmatikov. 2008. Robust de-anonymization of large sparse datasets. In Proceedings of 29th IEEE symposium on security and privacy, vol. 0, 111–125. Los Alamitos: IEEE Computer Society.

  • Ohm, Paul. 2009. Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Review 57:1701, 2010.

  • Opinion 4/2007 of the Article 29 data protection working party on the concept of personal data, WP 136, 20.06.2007.

  • Recommendation No. R (97) 5 of the Committee of Ministers to Member States on the protection of medical data, 13/02/1997.

  • Recommendation No. R (97) 18 of the Committee of Ministers to Member States on the protection of personal data collected and processed for statistical purposes, 30/09/1997.

  • Riboni, Daniele, Linda Pareschi, Claudio Bettini, and Sushil Jajodia. 2009. Preserving anonymity of recurrent location-based queries. In Proceedings of the 16th international symposium on temporal representation and reasoning, 62–69. TIME ’09. Washington, DC: IEEE Computer Society.

  • Samarati, Pierangela, and Latanya Sweeney. 1998. Generalizing data to provide anonymity when disclosing information (abstract). In Proceedings of the seventeenth ACM SIGACT-SIGMOD-SIGART symposium on principles of database systems, PODS ’98. New York: ACM.

  • Schwartz, Paul M., and Daniel J. Solove. 2011. The PII problem: Privacy and a new concept of personally identifiable information. New York University Law Review 86: 1814–1894.

  • Terrovitis, Manolis, and Nikos Mamoulis. 2008. Privacy preservation in the publication of trajectories. In Proceedings of the ninth international conference on mobile data management, 65–72. Washington, DC: IEEE Computer Society.

  • Winkler, William E. 1999. The state of record linkage and current research problems. Washington, DC: Statistical Research Division, U.S. Bureau of the Census.

  • Working Party document on data protection issues related to RFID technology, WP 105, 19/01/2005, Art. 8.

  • Xiao, Xiaokui, and Yufei Tao. 2006. Personalized privacy preservation. In Proceedings of the 2006 ACM SIGMOD international conference on management of data, 229–240. SIGMOD ’06. New York: ACM.

  • Yakowitz, Jane. 2011. Tragedy of the data commons. Harvard Journal of Law and Technology, vol. 25, 1.

Author information

Correspondence to Sergio Mascetti.

Copyright information

© 2013 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Mascetti, S., Monreale, A., Ricci, A., Gerino, A. (2013). Anonymity: A Comparison Between the Legal and Computer Science Perspectives. In: Gutwirth, S., Leenes, R., de Hert, P., Poullet, Y. (eds) European Data Protection: Coming of Age. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5170-5_4
