This afternoon, EE called ORG to ask us about our blog. They did not question the article, but confirmed that it is their belief that IPSOS MORI employees misrepresented what the data they are offering can do.
They said in response that “most” of the data is large, aggregated datasets, of around 50 users. However, their customers currently don’t know how and when their data might be aggregated or made available in an anonymised form.
Anonymising datasets rarely prevents re-identification. For instance, Nature highlights research showing “in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals.”
Cambridge research on network identification shows similar kinds of results.
In response to these publicly-aired concerns, the CEO of Ipsos Mori offered data to researchers:
Ben Page, Ipsos MORI @benatipsosmori
@PlanetJamie39 @PaulbernalUK @patrick_kane_ I don't see why not. Should publish peer reviewed paper on this data
But there are other answers to the problem, other than waiting for a public outcry. These are
Mobile companies are not the only people playing with fire in this way. There are also government data initiatives, which are even more worrying, looking at personal health data, education and benefits data.
If you want to do something today, why not ask your MEP for strong data protection, as a first step?