There is significant debate going on concerning the use of personal data outside of that which it was collected for in the EU data protection reforms. This follows on from my previous post on the future of data protection. One of the ways seen as mitigating the risks is by anonymization of personal data. So you remove all PII, and make it anonymous so it can be used for whatever purpose. Sounds easy, but it’s not. Other data in public domain could be what was anonymised data invalid. There have been many cases of so called anonymous data becoming de-anonmynised. May Yee posted something in May 2010 on Virtual Shadows.

Clearly the anonymisation of data has enormous value in medical research for example, as it saves lives. However, when it comes to collecting personal information to be anonymised and used for making money, i.e. marketing, I’m a little less enthusiastic. If my personal data is to be used for purposes outside of what it was collected for, anonymised or not, I want to be informed of this, and be given the option to opt-in, not opt-out. It is up to the marketeer to sell to me the value in opting in.