FTC Reaffirms Strict Standards for Data Anonymization
23 AUGUST 2024 | ZAC SOTO
On July 24th, through its Office of Technology Blog, the Federal Trade Commission (FTC), reiterated its hardline stance that hashing—a method of converting data like names or passwords into a string of characters to obscure the original information—does not meet its criteria for anonymization (LINK). This position, although not new, underscores the FTC’s focus on compliance with what many consider an almost unattainable standard, posing significant challenges for businesses that rely on personal data for research, marketing, and innovation.
Given the FTC’s renewed focus on this issue, companies should review their data practices, particularly regarding online tracking, targeted advertising, and the use of persistent identifiers. The consequences of mishandling or misrepresenting data practices are severe, potentially leading to regulatory investigations, enforcement actions, and damage to a company’s reputation. In this complex and evolving privacy landscape, companies must remain vigilant and make informed decisions to ensure compliance.
This article is not meant to provide legal or tax advice. It should be understood as a provocative, simplified overview to allow the reader to better consult its legal and tax advisors. Every individual, every company, and every situation is different. There is no “one size fits all” solution. Also, we are not tax advisors or tax experts and do not offer tax advice. Readers are advised to seek professional advice before acting on any information contained in this article. The author and publisher are not liable for any damages or negative consequences arising from any use of the information presented in this article.
FTC Reaffirms Strict Standards for Data Anonymization
23 AUGUST 2024 | ZAC SOTO
On July 24th, through its Office of Technology Blog, the Federal Trade Commission (FTC), reiterated its hardline stance that hashing—a method of converting data like names or passwords into a string of characters to obscure the original information—does not meet its criteria for anonymization (LINK). This position, although not new, underscores the FTC’s focus on compliance with what many consider an almost unattainable standard, posing significant challenges for businesses that rely on personal data for research, marketing, and innovation.
The FTC has reaffirmed its position that hashing does not prevent re-identification, particularly when combined with other identifying information, as there remains the possibility, however remote, of re-identification of personal information. As a result, in reaffirming guidance from 2012, the FTC has made it clear that hashing does not constitute anonymization because, according to their standard, data is only truly anonymous if it can never be linked back to an individual—a near-impossible feat. This position was notably highlighted in a 2022 case against BetterHelp, an online therapy provider accused of sharing hashed email addresses with Facebook, which the FTC alleged could be used to identify and target individuals seeking mental health services.
This article is not meant to provide legal or tax advice. It should be understood as a provocative, simplified overview to allow the reader to better consult its legal and tax advisors. Every individual, every company, and every situation is different. There is no “one size fits all” solution. Also, we are not tax advisors or tax experts and do not offer tax advice. Readers are advised to seek professional advice before acting on any information contained in this article. The author and publisher are not liable for any damages or negative consequences arising from any use of the information presented in this article.
FTC Reaffirms Strict Standards for Data Anonymization
23 AUGUST 2024 | ZAC SOTO
On July 24th, through its Office of Technology Blog, the Federal Trade Commission (FTC), reiterated its hardline stance that hashing—a method of converting data like names or passwords into a string of characters to obscure the original information—does not meet its criteria for anonymization (LINK). This position, although not new, underscores the FTC’s focus on compliance with what many consider an almost unattainable standard, posing significant challenges for businesses that rely on personal data for research, marketing, and innovation.
This article is not meant to provide legal or tax advice. It should be understood as a provocative, simplified overview to allow the reader to better consult its legal and tax advisors. Every individual, every company, and every situation is different. There is no “one size fits all” solution. Also, we are not tax advisors or tax experts and do not offer tax advice. Readers are advised to seek professional advice before acting on any information contained in this article. The author and publisher are not liable for any damages or negative consequences arising from any use of the information presented in this article.