[PUBLICATION] François Viangalli - From data to accountability: from anonymization to re-identification attack

on the October 12, 2020

François Viangalli ( CESICE ) just published an article on the de-anonymization of data, and the legal liability that may arise from it.

" This paper is about anonymization and liability. It shows why anonymizing data constitutes for public or private entities a risk, since a re-identification of the persons remains always possible, from a theoretical point of view, as long as other data can be found and crossed with the previously anonymized data.
For this reason, the public or private authorities who have depersonalized personal data before their public release (in an open data process, for instance), or transfer towards another authority or company, assume a legal risk in case of an attack by re-identification. This risk should be considered from a legal point of view, especially on the ground of insurance law. The paper suggests what to do to avoid any liability in this matter.

François Viangalli, Des données à la responsabilité : de l’anonymisation à l’attaque par réidentification
Revue Lamy de Droit de l'immatériel, 2020, n° 173, p.40
Published on November 3, 2020