European Data Protection Day: "Fateful years" lie ahead
Anonymization and pseudonymization are fragile. It becomes precarious when the political situation shifts. Discussion on EU Data Protection Day.
Prof. Paulina Jo Pesch, Prof. Thorsten Strufe, Susanne Dehmel, Prof. Fabian Prasser, Dr. Dennis Kraft and Dr. Ulrich Vollmer
(Image: Marie-Claire Koch / heise medien)
On the occasion of the EU Data Protection Day, experts from science, supervision, business, and technology discussed the responsible handling of personal data in Berlin. The event focused on the question of what risks modern data processing poses overall.
Prof. Pauline Jo Pesch, junior professor at FAU Erlangen, criticized right at the beginning that the concept of anonymity is often misunderstood and misused: “Anonymity sounds as if it were something final. As if one could anonymize once and then the matter is settled.” This notion is particularly dangerous in the context of large AI language models.
“Existing models [...] that form the basis of chatbots, all allow the extraction of sometimes extensive – including verbatim – excerpts from the training data.” The problem is not only the reproduction of real data, but also the generation of false statements about real people. She cited the well-known case of a journalist who was attributed actions he had reported on as an example.
Furthermore, anonymity is not a stable state, but depends on technical developments: “Something might be reasonably anonymous now – and not tomorrow.” While the GDPR gives the impression of a clear dividing line, technically anonymity is gradual. The question is how much computing time and how much computing power and time I need to perform a re-identification.”
Videos by heise
Anonymization often not a solution for medical research
In medical research, anonymization is typically not practical because research results are intended to benefit individual patients. “You only get zero risk if you don't process any data,” said Prof. Fabian Prasser from Charité.
Especially in multicenter studies, real-world evidence research, or AI-supported diagnostics, controlled re-identification and data linking are necessary. At the same time, Prasser warned against equating different fields of application, such as the online advertising industry with medical research. Instead of absolute security promises, realistic trade-offs are needed.
From a technical perspective, Prof. Thorsten Strufe from the Karlsruhe Institute of Technology classified many common protective measures. He was particularly clear about pseudonymization: “Pseudonymization is very often very easy to break.” People share a lot of information about themselves, but “not with the expectation that it will be used for other purposes.”
Strufe was also skeptical about mobility and IP address data, for example in the 13 further planned European data spaces: “Even if IP address data is passed on pseudonymized, I have no confidence in that.”
Business uncertain and careless?
Susanne Dehmel, member of the Bitkom executive board, presented the business perspective. She contradicted the notion that companies handle data protection carelessly. The effort is high, the uncertainty is great. The inconsistent interpretation of the GDPR is particularly problematic. At the same time, Dehmel warned against exaggerated requirements: “If we have to mitigate every risk, we really can't do much.” Small and medium-sized enterprises in particular have difficulties dealing with this uncertainty, while large corporations have the corresponding resources.
Dr. Dennis Kraft from Google's anonymization team warned that anonymization is “often equated with a process that ensures that the data is no longer sensitive at the end.” This is not correct. Sensitive data remains sensitive even if it is no longer directly attributable. He advocated for technical limitations such as secure processing environments, controlled access, and methods like Secure Multi-Party Computation or “Data Clean Rooms,” in which specially prepared data is only temporarily available for data analysis in secure processing environments.
ICE uses AirTag data
It was repeatedly emphasized that data protection today cannot be considered in isolation from the political context. “Everyone didn't give a damn about cookie tracking. Now ICE is using data from AirTag providers to track people,” Pesch pointed to current developments in the USA.
Vollmer drew a clear conclusion at the end: Data protection is facing “fateful years” – and needs new, more realistic answers. These include real-world labs, stronger cooperation between supervisory authorities, and more transparency towards data subjects. Only in this way can data protection be further developed without blocking innovation or promising false security. While there is no absolute security – neither through anonymization methods nor through pseudonymization. However, the honest handling of remaining risks is crucial.
(mack)
