Why "Anonymized" Data Is Not Actually Anonymous

There is one word the data industry loves above all others: anonymized. Companies collect mountains of information about you, strip your name off the top, and reassure you that what remains can never be traced back to a real person. It is one of the most convenient claims in the business. It is also, under even light scrutiny, mostly false.

What "anonymized" usually means

In practice, anonymizing data tends to mean removing the obvious identifiers, your name, maybe your exact address, and leaving the rest. The trouble is that the rest is plenty. Your age, your ZIP code, your gender, your marital status, the places you go and when, your purchase patterns: each of those is a clue, and stacked together they form a fingerprint that points to one person. Taking your name off the file does not make you disappear. It just adds one easy step for anyone who wants to put it back.

The research is brutal on this point

This is not a hunch. It is one of the most consistently demonstrated findings in privacy research. Years ago, a researcher took a set of "anonymized" state hospital records, cross-referenced them against publicly available voter rolls, and re-identified the governor of Massachusetts using nothing more than his ZIP code, birth date, and sex. Three ordinary details were enough to unmask a specific, named person from supposedly safe data.

The scale of the problem was quantified in a 2019 study published in the journal Nature Communications. Researchers found that 99.98 percent of Americans could be correctly re-identified in virtually any dataset using just 15 demographic attributes, things as mundane as age, gender, and marital status. Read that again. Nearly everyone, from a handful of everyday facts. The authors concluded that the standard practice of releasing "anonymized" data simply does not hold up.

Location data is even worse, because your movements are nearly unique to you. A major newspaper investigation obtained a file of supposedly anonymous phone location pings and showed that reporters could pick individual people out of the crowd and follow them from home to work and back, identifying them by where they slept and where they spent their days. No names were needed. The pattern was the name.

Why this matters for you

Here is the part that should bother you. Data brokers are generally free to sell "anonymized" or "aggregated" data with far fewer restrictions, precisely because everyone agrees to pretend it cannot be traced. So the most sensitive details of your life get bought and sold under a label that the evidence says is meaningless. The comfort of the word "anonymized" is doing a lot of work, and it is doing it for them, not for you.

It also means you cannot opt out of this with a setting. The data is already circulating, and the more places it lands, the more raw material exists to stitch your identity back together. Reducing your exposure means actually finding and removing the information tied to you, not trusting a reassuring label. Consumer Reports found that automated and self-service removal cleared only about 27 percent of listings, against roughly 70 percent when trained people worked through it by hand. The difference is reach and persistence, which is more than most people can sustain alone. You can read about why human removal works better, or see exactly how data brokers got your information.

Frequently asked questions

What does "anonymized" actually mean?

Usually it means the obvious identifiers like your name were removed, while details such as age, ZIP code, gender, and behavior remain. Those leftover details are often enough to identify you.

If anonymized data can be re-identified, why is selling it legal?

Because the law and industry practice still treat anonymized data as no longer personal, which frees companies to sell it with fewer limits. The research challenges that assumption, but the practice continues.

Can I stop my data from being sold this way?

You can limit new collection through privacy settings, but data already gathered keeps circulating. The practical step is to remove the information tied to you across the sites that publish it, and keep monitoring for its return.