Why is “anonymous”, “de-identified”, or “aggregate” data problematic?
It is practically impossible to ensure that anonymous/de-identified/aggregate data cannot be re-identified; far too much information exists and is accessible now to the average person. Dr. Latanya Sweeney showed she can re-identify 87% of the population with just gender, month and date of birth and zip code.
Data is either useful or anonymous, but never both.
Data may seem anonymous but when coupled with another set of data, the merged data set can often reveal identity. Consider data an employer or insurer already has on you, overlapped with “anonymous” data such as age, location, gender and dates of absence for a report on those who searched for “cancer testing.” If employers and insurers want to identify sick or expensive people, they can.