You are here: Resources > FIDIS Deliverables > Forensic Implications > D5.4: Anonymity in electronic government: a case-study analysis of governments? identity knowledge > 
Anonymization of official statistical data  Identification versus anonymity in e-government
 Statistical information in the health sector


Anonymity and anonymization

Considering anonymity, definitions try to focus on a precise idea. Consider for example a definition of anonymous:

“1 : not named or identified  

2 : of unknown authorship or origin  

3 : lacking individuality, distinction, or recognizability”.

Being anonymous according to this definition means that the subject is not identified; it cannot be distinguished from other subjects within a specified group of subjects. Often this reference group is only implicitly specified. The term anonymity is then mainly used to address the state of being anonymous.

The definition from [ISO 15408-2] goes in the same direction: Anonymity “ensures that a user may use a resource or service without disclosing the user’s identity. The requirements for Anonymity provide protection of the user identity. Anonymity is not intended to protect the subject identity.” 

In this chapter, we will focus mainly on anonymization, a technical term which addresses the problem of how one can attain the state of anonymity, while starting from a non-anonymous situation. Typically this problem arises when a large quantity of personalized data is available which needs to be used for statistical purposes, yet actual law does not allow for this data to be given to third parties in order to guarantee privacy protection of individuals or groups.  

Typical examples of this are to be found in the large field of profiling and data mining [Hildebrandt & Gutwirth 2007]. Legal regulations in the EU and Switzerland are very strict, and if profiling and data mining are to be done successfully, then legally compliant, anonymization techniques are very helpful. 

Many challenges are to be met during the process of anonymization. Some of them are technical in nature like, for example, the question of which algorithms, which protocols are to be used. Many challenges go beyond the technical level, for example the question of whether or not there must be a possibility to reverse the anonymization procedure, and, if so, to what extent and at what “cost”; i.e., only the people allowed to do so should be able to actually do it. 

In the following, we will focus on the procedures for anonymization but not on technical details on the algorithmic level of cryptographic procedures and protocols in order to keep it simple and readable for people without cryptological training. 


Anonymization of official statistical data  fidis-wp5.del5.4-anonymity-egov_01.sxw  Statistical information in the health sector
35 / 45