Anonymization: The unicorn of privacy engineering

If Ella Fitzgerald and Louis Armstrong were singing about data privacy instead of tomatoes and potatoes, they might croon something like: "You say anonymization and I say deidentification. Let's call the whole thing off."

And honestly, who could blame them? The privacy world is full of terms that sound interchangeable but aren't — and that are often misunderstood and misused. Depending on which side of the Atlantic you sit, anonymization, pseudonymization and deidentification might all sound like variations of the same jazzy refrain. 

But under the laws — and in practice — they hit very different notes, and it sounds by way of the EU Digital Omnibus and community reactions to it, that even within the EU, not everyone agrees on the rhymes.

'You like tomato and I like tomahto,' but the law doesn't

In everyday conversation with engineers, developers, and particularly those in technology sales and marketing, anonymized often just means "we deleted the name fields and nothing more." In the land of the EU General Data Protection Regulation, that's not even the first bar of the song.

Some more educated people know that quasi-Identifiers such as, among others, address or university degree, are also targeted by data loss prevention tools that are used to catch indirect identifiers.