Part 1: Law & Science of De-Identification

In the context of legal compliance, the aim of de-identification is to turn personal data into non-personal data while still maintaining the data's usefulness. To what extent does de-identification work? The key to moving forward in this debate is to understand that de-identification is a process, not a property, and that underlying the debate are fundamental policy questions about what we mean when we say we are protecting privacy, questions that scientific literature cannot possibly answer.

Part Two: De-Identification, GDPR, and Competing Conceptions of Privacy

The European Union's General Data Protection Regulation (GDPR) has refocused attention on the differences between the U.S. and European approaches to privacy and data protection. While Europe takes a rights-based approach to privacy, the U.S. takes a harm-based approach. If there is a convergence of approaches, still we may find trans-Atlantic disagreement about which harms count and which harms don't.