
I don't mind aggregate data, or anonymized where I'm "Patient b15-2gty", which is what you seem to be talking about, but I do mind "here's all the data about patient Martin Tournoij, for everyone to read".

I wouldn't want any future employers to see my medical data for example, as they may use this to discriminate (theoretically anyway; my medical history thus far is essentially non-existent).

Also: in the late 90s my mother worked for the city to digitize a lot of social security records and such. She had a good friend who had trouble walking (crutches, wheelchair); the story she told was that she was hit by a car, but my mother read her records during her job and found out she had simply fallen and was never hit by a car. Much drama ensued. I have no idea why anyone would lie about that and I'm fuzzy on the details as I was about 12-13 at the time, but fundamentally I think people should have the right to lie about things like this, if they so choose, for whatever reason.



Mapping “Patient b15-2gty” back to your real name has been trivial for decades.

My first job involved a one hour lecture about how people had repeatedly accidentally deanonymized and accidentally leaked data at other institutions, leading to divorces and worse.

We had somewhere between 10 and 100 bytes of entropy on each patient, and it would have been enough for any of their acquaintances to map back to real names and also severely violate privacy.


> I don't mind aggregate anonymized data where I'm "Patient b15-2gty"

If you're "Patient b15-2gty", then the data isn't aggregate. Aggregated data means that there are no individual data points at all, only aggregated ones, so there is no need for any sort of individual identifiers.

If there's any sort of individual identifier, then the data cannot be effectively anonymized. If the data is aggregated, and the original records that were included in the aggregate figures are deleted, then I think that's adequately anonymized and I would have no problem with it.

Short of that, though, "anonymization" is a thing that doesn't actually exist.
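The two points above (that a few bytes of entropy per patient let an acquaintance map a pseudonym back to a person, and that only aggregates with the row-level records deleted avoid that) can be made concrete with a k-anonymity check. The following is an added example, not code from anyone in the thread; the patient records, pseudonyms, postcodes and diagnoses are constructed, and the quasi-identifier columns, the coarsening rules and the `min_cell` suppression threshold are assumptions chosen for illustration.

```python
"""Added example: how re-identifiable is a pseudonymised table, compared with
publishing only aggregates?

Replacing a name with "Patient b15-2gty" removes the direct identifier but
leaves quasi-identifiers (postcode, birth year, sex). Anyone who already
knows those facts about an acquaintance can single out the row if it is the
only one with that combination. k-anonymity measures this: k is the size of
the smallest group of rows sharing the same quasi-identifier values, and
k == 1 means at least one patient is uniquely identifiable.
"""
from collections import Counter

# Constructed sample records; pseudonyms, postcodes and diagnoses are made up.
RECORDS = [
    {"pid": "b15-2gty", "postcode": "1012", "birth_year": 1985, "sex": "M", "diagnosis": "asthma"},
    {"pid": "k92-8hqa", "postcode": "1012", "birth_year": 1985, "sex": "M", "diagnosis": "none"},
    {"pid": "c44-1mzp", "postcode": "1013", "birth_year": 1972, "sex": "F", "diagnosis": "fracture"},
    {"pid": "z01-7rfs", "postcode": "1013", "birth_year": 1972, "sex": "F", "diagnosis": "asthma"},
    {"pid": "q77-3lvd", "postcode": "1018", "birth_year": 1989, "sex": "M", "diagnosis": "diabetes"},
    {"pid": "m38-5wke", "postcode": "1013", "birth_year": 1974, "sex": "F", "diagnosis": "diabetes"},
]

# Assumed quasi-identifiers: attributes an acquaintance plausibly knows.
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")


def _key(record, quasi):
    return tuple(record[q] for q in quasi)


def equivalence_classes(records, quasi=QUASI_IDENTIFIERS):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(_key(r, quasi) for r in records)


def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """Smallest equivalence-class size; 1 means someone is uniquely identifiable."""
    classes = equivalence_classes(records, quasi)
    return min(classes.values()) if classes else 0


def singled_out(records, quasi=QUASI_IDENTIFIERS):
    """Pseudonyms whose quasi-identifier combination occurs exactly once."""
    classes = equivalence_classes(records, quasi)
    return sorted(r["pid"] for r in records if classes[_key(r, quasi)] == 1)


def coarsen(record):
    """Generalise quasi-identifiers (assumed rules): decade instead of year,
    three-digit postcode prefix instead of the full code. This lowers the
    entropy per row so that more rows become indistinguishable."""
    out = dict(record)
    out["birth_year"] = record["birth_year"] // 10 * 10
    out["postcode"] = record["postcode"][:3]
    return out


def aggregate(records, column="diagnosis", min_cell=2):
    """Publish counts only: no pseudonym, no row. Cells below min_cell are
    suppressed so that a count of 1 does not itself point at one person."""
    counts = Counter(r[column] for r in records)
    return {value: n for value, n in counts.items() if n >= min_cell}


if __name__ == "__main__":
    print("raw k =", k_anonymity(RECORDS), "singled out:", singled_out(RECORDS))
    coarse = [coarsen(r) for r in RECORDS]
    print("coarsened k =", k_anonymity(coarse), "singled out:", singled_out(coarse))
    print("aggregate only:", aggregate(RECORDS))
```

On the constructed table the raw pseudonymised rows have k = 1 (two patients are unique on postcode, birth year and sex), coarsening the quasi-identifiers raises k to 3, and the aggregate output contains no identifier at all, which is the distinction the comment above draws between "Patient b15-2gty" data and genuinely aggregated data.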


Oops, an "or" got lost in editing; fixed it!

I don't agree about anonymization; "true" anonymity is probably impossible in most areas of life, even for simple things like a walk in the forest, as there's always something a significantly advanced sleuth can use.[1] There are no "true" one-way hashes either – you can always brute-force them. It's about it being too infeasible to actually do that.

[1]: https://arstechnica.com/science/2023/05/human-genomic-bycatc...
