Download This Paper'A Rose by Any Other Unique Identifier': Regulating Consumer Data Tracking and Anonymisation Claims
Competition Policy International TechReg Chronicle (August 2022) 21
9 Pages Posted: 18 Oct 2022
Date Written: August 31, 2022
Abstract
Representations in online privacy policies that certain data is anonymous or “not information that personally identifies you” can have significant consequences. They may indicate that the firm considers the data to be outside the scope of data protection regulation, and/or give consumers the impression that this is data which cannot have an impact on the individual; for example, that it will not add to the individual consumer’s profile. However, there are a growing range of data practices and services offered by adtech and data analytics providers that do affect individuals’ privacy while claiming not to use personal information, including persistent unique identifiers, data matching using hashed emails and other “identity resolution” services – practices which are not within most consumers’ knowledge or understanding. Obfuscation about such activities may not only mislead consumers, but hinder competition on privacy quality by firms that seek to compete on the basis of genuinely privacy-enhancing features. This article argues that claims of anonymization and pseudonymization require tighter regulation under data protection law and should also be rigorously scrutinized under consumer protection law for potential misleading conduct.
Keywords: Privacy law; consumer protection; competition; anonymisation; pseudonymisation; anonymous; data protection; misleading conduct; personal information; personally identifiable information; PII
JEL Classification: K10, K19
Suggested Citation: Suggested Citation
Katharine Kemp (Contact Author)
University of New South Wales (UNSW) - UNSW Law & Justice ( email )
Kensington, New South Wales 2052
Australia