Just making smartphone data anonymous no longer enough, says study

WION Web Team
New Delhi Updated: Jan 26, 2022, 06:36 PM(IST)

Image for representation. Photograph:( Reuters )

Story highlights

The study in the Nature Communications journal says this is no longer enough to keep identities private.  The researchers say people can now be identified with just a few details of how they communicate with an app like WhatsApp. 

In the increasingly digital world, anonymity is often a necessary thing in order to safeguard own details. There are many privacy measures to ensure anonymity of smartphone users. But a study has now suggested that the measures that have been used may no longer be suitable for the digital age.

Vast quantities of data are scooped up from smartphone apps by firms looking to develop products, conduct research or target consumers with adverts.

In Europe and many other jurisdictions, companies are legally bound to make this data anonymous, often doing so by removing telltale details like names or phone numbers. 

But the study in the Nature Communications journal says this is no longer enough to keep identities private. 

The researchers say people can now be identified with just a few details of how they communicate with an app like WhatsApp. 

One of the paper's authors, Yves-Alexandre de Montjoye of Imperial College London, told AFP it was time to "reinvent what anonymisation means".

'Rich' data

His team took anonymised data from more than 40,000 mobile phone users, most of which was information from messaging apps and other "interaction" data. 

They then "attacked" the data searching for patterns in those interactions -- a technique that could be employed by malicious actors. 

With just the direct contacts of the person included in the dataset, they found they could identify the person 15 percent of the time.

When further interactions between those primary contacts were included, they could identify 52 percent of people. 

"Our results provide evidence that disconnected and even re-pseudonymised interaction data remain identifiable even across long periods of time," wrote the researchers from the UK, Switzerland and Italy. 

"These results strongly suggest that current practices may not satisfy the anonymisation standard set forth by (European regulators) in particular with regard to the linkability criteria." 

De Montjoye stressed that the intention was not to criticise any individual company or legal regime. 

Rather, he said the algorithm they were using just provided a more robust way of testing what we regard as anonymised data. 

(With inputs from agencies)

Read in App