Let’s Talk Privacy & Technology Episode 9: Deidentification with Luk Arbuckle
As part of my fellowship with Santa Clara Law’s leading privacy law program, I’m curating the Let’s Talk Privacy & Technology video series. Each episode features a privacy expert, practitioner, academic, or innovator. We discuss the intersection of privacy and technology, covering topics ranging from privacy engineering, privacy enhancing technologies (PETs), and data ownership, to data ethics, privacy tech, cybersecurity, and more. I publish episode notes in this blog, including this post dedicated to episode 4. [Episode 1 is available here; 2, here; 3, here; 4, here. 5, here; 6, here; 7, here; and 8, here.]
Episode Description
I spoke with Privacy Analytics Chief Methodologist, Luk Arbuckle about his work involving deidentification as a privacy enhancing technology.
Episode Takeaways
- On what it means to deidentify or anonymize: Luk and I began by defining and distinguishing between the nomenclature: anonymization and deidentification. He emphasized the need to bridge language gaps to achieve deidentification goals. We cited the challenge raised by the EU under GDPR and the US under HIPAA given the two regimes’ different definitions of deidentification and anonymization. To deal with these challenges, Luk referenced the “Five Safes of Risk-Based Anonymization” as a helpful framework to use. He advised practitioners not to think of anonymization as the end goal, but to think instead about transforming data based on the level of obfuscation or the extent to which they’d like to hide people within that data.
- On existing privacy standards and frameworks: Luk and I agreed that we need more deidentification and anonymization standards, coupled with education and awareness. Luk rightly pointed out that privacy is not the only goal; there are many other functional benefits from having a trusted system.
- On his vision for privacy in the future: Luk envisioned a product that could help predict privacy needs and behaviors. He hoped that privacy continues to be a priority for organizations — I think it will given developing consumer privacy trends, increasing global data protection regulations, and privacy brand implications. Luk and I agree that privacy is far from dead, despite what privacy naysayers may say.
Episode Links
- This episode is available on Santa Clara Law’s YouTube page.
- Luk is on Twitter and LinkedIn.
- For other episodes, check out the Let’s Talk Privacy and Technology series page on the Santa Clara Law website.