UK Wants To Criminalize Re-Identification of Anonymized User Data

An anonymous reader writes: European countries are currently implementing new data protection laws. Recently, despite leaving the European Union, the United Kingdom has expressed intent to implement the law called General Data Protection Regulation. As an extension, the UK wants to to ban re-identification (with a penalty of unlimited fines), the method of reversing anonymization, or pointing out the weakness of the used anonymisation process. One famous example was research re-identifying Netflix users from published datasets. By banning re-identification, UK follows the lead of Australia which is considering enacting similarly controversial law that can lead to making privacy research difficult or impossible. Privacy researchers express concerns about the effectiveness of the law that could even complicate security, a view shared by privacy advocates.

Another "Amazon" Law

[seoras]

I interviewed with Amazon a few years ago and, coming from Cisco, their engineers were very keen to pick my brains on how to identify individuals using network trickery.
It was very obvious during the interview that this was their holy grail, the identification of individuals for targeted marketing particularly in the EU/UK where stiff laws on cookie usage had recently come into effect.
One wonders if this too is another political swipe at Amazon?
It's certainly not in the public interest what with the UK Gov's repeated statement of war on person encryption.

This might be a problem for Facebook...

[__aaclcg7560]

From what I read in "Chaos Monkeys: Obscene Fortune and Random Failure in Silicon Valley" by Antonio Garcia Martinez, Facebook takes its own data and combines it with third-party data to create profiles on every user, whether logged in or browsing anonymously.