understanding the importance and impact of anonymity and authentication in a networked society


posted by: Carole Lucock // 08:24 PM // September 20, 2005 // ID TRAIL MIX

Often the ID Trail Mix presents an opinion or editorial on a specific topic. In this piece I’ve taken a slightly different approach by raising two questions that have received very little attention in the literature. I hope to highlight the fact that there are questions to be asked as well as to generate discussion. My own thoughts will be forthcoming in an upcoming paper that analyses the issues in some depth.

The use of information in anonymised form is increasingly represented and understood as a win-win privacy/access solution. On this account, those seeking access get what they need – namely, the information. At the same time, the ‘data subject’s’ privacy is not diminished. In fact, his or her privacy right or interest is not engaged, much less infringed.

There are many questions raised by this touted solution: How shall we interpret the meaning of the term ‘anonymous’, or ‘anonymised’? What operational definitions shall we assume? To what standard shall we assess whether information has been rendered anonymous? Anonymous with respect to whom – to everyone and anyone – or only to some?

However, before getting to these questions, the assumption that if information is anonymous, then the person has no privacy right or confidentiality interest with respect to this information must first be carefully examined. Implicit in this assumption is the idea that, once information has been anonymised – its link to the subject of the information (supposedly) severed – the subject no longer has a privacy or other right in the information. It is premised on the notion that anonymised information is no longer private, confidential or under a duty of confidentiality.

The “no longer” is important. It indicates that the subject did at some point have a privacy right or confidentiality interest with respect to the information, which becomes erased with the erasure of identity. To say that one no longer holds a privacy right or interest may be to say too much. However, something peculiar is going on here, and the assumption that nothing is here lost for privacy is no less dubious, and perhaps even more so.

To examine these assumptions it is important to focus on the anonymisation of information. This process or act, for the most part, is hidden in the shadow land and barely noticed at all. It occurs between two points in time and in virtue of this act or process, between one time and another – a before and after – information goes from being identifiable to being not so. Another thing also seems to happen between these two points in time: at one point the subject has rights in the information and at the following point s/he does not.

Thus, the act of anonymisation not only transforms the information. It also transforms the nature of the subject’s relationship to it! Along with the removal of identity, the information loses or is stripped of the character of being under the jurisdiction of the person to whom the information originally attached. Given this significant consequence, does or should the scope of the rights that a person has in information prior to anonymisation include the right to control whether the act of anonymisation is undertaken at all? A second, related, question is whether a person does or should have continuing rights with respect to his or her anonymised information?


Hi Carole,

What you say makes a lot of sense, and I'm looking forward to your paper.

I think the question of what we might call *anonymous-victim privacy invasion* -- privacy invasion where an individual has her privacy invaded despite being anonymous to the invader -- is a very interesting one. If we hold that anonymity is merely one kind of privacy (as most privacy theorists do), then we must be prepared to countenance the possibility of anonymous-victim privacy invasion.

Here's an example. Suppose the tenant in the apartment above mine is a complete stranger to me, and I to him. But, prying soul that he is, he constructs a device that gives him audio-visual access to my bathroom. He turns the device on, and consequently discovers such things as that I like to sing along to my shower radio, that I'm a particularly awful singer, etc. Being a complete stranger, he has no idea who I am. In fact, that makes him feel better about what he's done. "It's a blast to learn that *that guy* thinks he's Elvis Costello in the shower," he thinks to himself, "but what I'm doing isn't really so bad. After all, I have no idea who he is."

Despite his rationalization, I'm inclined to say that the neighbor in this situation has invaded my privacy by illicitly acquiring personal information about me. Yet, since he has no idea who I am, I am anonymous to him. Thus, my neighbor has effected an anonymous-victim privacy invasion on me. He's gotten his hands on personal information about me that he has no right to get his hands on, despite the fact that he's not gotten his hands on any *identifying* personal information about me.

The mere fact that information about an individual is not identifying, accordingly, doesn't strike me as a compelling reason to suppose that it is not personal information. And so I'm inclined to agree that the anonymization of information does not guarantee that the resulting information is non-personal; the person the information is about may well, as you suggest, have a right to privacy about it.

Thanks for the interesting post.

Posted by: David Matheson at September 26, 2005 10:23 PM


This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada