In our ever more digital society, personal data is increasingly being collected, processed, stored and exchanged in electronic form. When collection and processing are spread across several entities, it is often necessary to associate the different data sets that belong to the same user.
Typical examples of such distributed, yet linkable data sets are health records or governmental databases. Many countries, including the US, Belgium, Denmark, and Sweden, use a nation-wide social security number for linkage.
Although a single unique identifier used across the entire system makes it easy for the various entities to correlate their records, it poses serious risks to data security and user privacy.
For one thing, it is difficult, if not impossible, to control and limit the exchange of records between entities: any two entities that hold the identifier can link their records without involving anyone else. Moreover, any data breach reveals fully identifiable personal information that can be linked to every other database keyed by the same identifier.
We are researching solutions to this problem based on entity-specific identifiers, called pseudonyms, which by themselves cannot be linked to one another. Where there is a legitimate need to link a user's records, the pseudonyms are established through a central entity, the converter, which can translate the pseudonym held by one entity into the same user's pseudonym at another entity on a case-by-case basis. The conversion is blind: the converter learns nothing about the pseudonyms it converts, and hence nothing about which user's records are being linked.
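As an added illustration, and not the authors' own construction (the page does not describe it), the following Python sketch shows one way such a blind converter can work: each entity's pseudonym for a user is H(uid)^{x_S} in a prime-order group, the per-entity secrets x_S live only at the converter, and a conversion request carries the source pseudonym ElGamal-encrypted under the destination entity's public key, so the converter exponentiates a ciphertext it cannot read. The choice of group, the 64-bit toy parameters, the entity names "hospital" and "insurer", and the user identifier are all assumptions made for this example.

```python
# Toy blind pseudonym conversion (illustrative sketch, not the page authors'
# construction). Group: order-q subgroup of Z_p^*, p = 2q + 1.
#   nym_S(uid) = H(uid)^{x_S}      x_S = per-entity secret held only by the converter
#   conversion A -> B: raise to x_B / x_A, applied to an ElGamal encryption of
#   nym_A under B's key, so the converter only ever sees ciphertext.
import hashlib
import secrets

G = 4  # 2^2 is a quadratic residue mod p, hence a generator of the order-q subgroup


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin; adequate for a demo-sized parameter search."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits: int):
    """Return (p, q) with p = 2q + 1, both prime. Toy size; real use needs >= 2048 bits."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


def hash_to_group(uid: str, p: int) -> int:
    """Map an identifier to a non-identity element of the order-q subgroup."""
    h = 2 + int.from_bytes(hashlib.sha256(uid.encode()).digest(), "big") % (p - 3)
    return pow(h, 2, p)  # h in [2, p-2], so h^2 != 1 and h^2 is a quadratic residue


class Converter:
    """Central entity holding the per-entity secrets x_S. Sees only blinded values."""

    def __init__(self, p: int, q: int):
        self.p, self.q, self._x = p, q, {}

    def register(self, entity: str) -> None:
        self._x[entity] = 1 + secrets.randbelow(self.q - 1)

    def blind_issue(self, entity: str, blinded: int) -> int:
        """Setup: gets H(uid)^r, returns H(uid)^{r x_S}; learns neither uid nor nym."""
        return pow(blinded, self._x[entity], self.p)

    def convert(self, src: str, dst: str, ct: tuple) -> tuple:
        """Raise Enc_dst(nym_src) to x_dst / x_src (mod q). ElGamal is homomorphic
        under exponentiation, so the result decrypts to nym_dst."""
        e = self._x[dst] * pow(self._x[src], -1, self.q) % self.q
        return pow(ct[0], e, self.p), pow(ct[1], e, self.p)


class Entity:
    """A data holder (hospital, insurer, ...) with its own pseudonyms and ElGamal key."""

    def __init__(self, name: str, p: int, q: int, conv: Converter):
        self.name, self.p, self.q, self.conv = name, p, q, conv
        self.sk = 1 + secrets.randbelow(q - 1)
        self.pk = pow(G, self.sk, p)
        self.records = {}  # nym -> data held by this entity
        conv.register(name)

    def enrol(self, uid: str, data: str) -> int:
        """Obtain nym = H(uid)^{x_self} without revealing uid to the converter."""
        r = 1 + secrets.randbelow(self.q - 1)
        blinded = pow(hash_to_group(uid, self.p), r, self.p)
        nym = pow(self.conv.blind_issue(self.name, blinded), pow(r, -1, self.q), self.p)
        self.records[nym] = data
        return nym

    def encrypt_for(self, dst: "Entity", nym: int) -> tuple:
        """ElGamal-encrypt a pseudonym under dst's public key."""
        r = 1 + secrets.randbelow(self.q - 1)
        return pow(G, r, self.p), nym * pow(dst.pk, r, self.p) % self.p

    def decrypt(self, ct: tuple) -> int:
        return ct[1] * pow(ct[0], self.q - self.sk, self.p) % self.p


def demo(uid: str = "user-4711") -> dict:
    """Hospital asks the converter to map its pseudonym of uid to the insurer's."""
    p, q = safe_prime(64)  # constructed toy parameters
    conv = Converter(p, q)
    hospital, insurer = Entity("hospital", p, q, conv), Entity("insurer", p, q, conv)
    nym_h = hospital.enrol(uid, "visit 2023-05-01")       # constructed sample data
    nym_i = insurer.enrol(uid, "policy 42")
    ct_in = hospital.encrypt_for(insurer, nym_h)          # all the converter sees
    ct_out = conv.convert("hospital", "insurer", ct_in)   # blind conversion
    nym_from_converter = insurer.decrypt(ct_out)
    return {"nym_h": nym_h, "nym_i": nym_i, "converted": nym_from_converter,
            "converter_saw": ct_in, "linked_record": insurer.records.get(nym_from_converter)}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the insurer recovering exactly its own pseudonym for the user, and hence the record it holds, while the values that pass through the converter are ElGamal ciphertexts unrelated to either pseudonym. Because every per-entity secret lives at the converter, an entity that wants to link records has no way around it, which is what makes case-by-case control possible. The sketch leaves out what a deployment would add: a group of real size (2048-bit modulus or an elliptic curve), authorization and logging of conversion requests at the converter, and proofs that each party computed its step honestly.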