Defeat the Mosaic Effect

Statutory Pseudonymization Achieves Cryptographic Dynamism to Defeat the Mosaic Effect
Anonymization techniques and pre-GDPR forms of tokenization (sometimes referred to as pseudonymization) are ineffective in today’s data-driven world. Both leave individuals exposed to unauthorized re-identification via the Mosaic Effect. The Mosaic Effect occurs when a person is indirectly identifiable via linkage attacks because some datasets can be combined with other datasets known to relate to the same individual, enabling the individual to be distinguished from others.
In contrast, Statutory Pseudonymization – as now defined in GDPR Article 4(5) – enables Cryptographic Dynamism by requiring that you cannot re-identify individuals via linkage attacks, except with access to “additional information” that is stored separately under the control of the data controller. Traditional anonymization techniques using static (or persistent) tokens to replace repeated occurrences of identifiers within and across datasets remain vulnerable to reidentification via the Mosaic Effect. Therefore, they do not satisfy GDPR requirements for Statutory Pseudonymization necessary to achieve desired Cryptographic Dynamism.
The European Union Agency for Cybersecurity (ENISA) has published two reports since the adoption of the new GDPR definition of Statutory Pseudonymization on best practices for compliant Pseudonymization - in November 2018 and 2019. In addition, the Article 29 Working Party Opinion 06/2014 opined that Statutory Pseudonymization - when implemented correctly - is an effective safeguard that can “play a role in tipping the balance in favour of the controller when evaluating steps taken to minimise the impact on data subjects under the Balancing of Interests Test required for Legitimate Interest processing.”
Statutory Pseudonymization requires that personal data be transformed so that the identity of individuals cannot be discovered with linkage attacks. To achieve Statutory Pseudonymization, Anonos’ patented Variant Twins improve upon tokenization by leveraging “Cryptographic Dynamism” (i.e., using different pseudonyms at different times for different purposes) to protect both direct and indirect identifiers, as well as attributes, for more reliable data protection.
A “Science” journal article entitled “Unique In The Shopping Mall: On The Reidentifiability of Credit Card Metadata” deals with a version of the Mosaic Effect called “unicity” – i.e., how much outside information is needed, on average, to reidentify a specific individual. The article shows that four data elements represented by static (persistent) tokens are enough to uniquely reidentify 90% of individuals and highlights how metadata captured in several financial transactions by an individual designated by the same identifier “7abc1a23” can be used to reidentify them. An example of how GDPR-compliant Pseudonymization can defeat the Mosaic Effect is provided below – each time you depress the button labeled “CLICK HERE 4 TIMES” the next purchase is pseudonymized by replacing the static token “7abc1a23” with a different dynamically de-identifying pseudonym to defeat unauthorized reidentification via the Mosaic Effect.
Without Statutory Pseudonymization, anyone can tell that the same person made four purchases in this example. However, with Statutory Pseudonymization, data about the pseudonym used to obscure the activities of User ID “7abc1a23” is retained, but it is made available only to authorized parties under controlled conditions - it is not revealed to the outside world.
Interactive Example: Statutory Pseudonymization
Original Purchase Table
Shop   User ID    Date    Price    Price Bin
       7abc1a23   09/23   $97.30   $49 - $146
       7abc1a23   09/23   $15.13   $5 - $16
       3092fc10   09/23   $43.78   $16 - $49
       7abc1a23   09/23   $4.33    $2 - $5
       4c7af72a   09/23   $12.29   $5 - $16
       89c0829c   09/24   $3.66    $2 - $5
       7abc1a23   09/24   $35.81   $16 - $49
See how Statutory Pseudonymization protects User ID "7abc1a23" from unauthorized re-identification.
Pseudonymised Purchase Table
Shop   User ID    Date    Price    Price Bin    Pseudonymized


       3092fc10   09/23   $43.78   $16 - $49

       4c7af72a   09/23   $12.29   $5 - $16
       89c0829c   09/24   $3.66    $2 - $5

Additional Information
Date Pseudonym User ID
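The contrast the tables above describe, as an added example (not Anonos' code and not the Variant Twins implementation): each occurrence of a User ID is replaced with a fresh random pseudonym, and the pseudonym-to-ID mapping is kept as separately stored "additional information". The function names and the choice to pseudonymize every row, rather than only "7abc1a23", are assumptions made for illustration.

```python
import secrets
from collections import Counter

# Rows copied from the page's Original Purchase Table:
# (user_id, date, price, price_bin)
PURCHASES = [
    ("7abc1a23", "09/23", 97.30, "$49 - $146"),
    ("7abc1a23", "09/23", 15.13, "$5 - $16"),
    ("3092fc10", "09/23", 43.78, "$16 - $49"),
    ("7abc1a23", "09/23", 4.33, "$2 - $5"),
    ("4c7af72a", "09/23", 12.29, "$5 - $16"),
    ("89c0829c", "09/24", 3.66, "$2 - $5"),
    ("7abc1a23", "09/24", 35.81, "$16 - $49"),
]

def pseudonymize(rows):
    """Give every record its own random pseudonym (hypothetical helper).

    Returns (shared_rows, additional_info). additional_info maps
    pseudonym -> (date, user_id) and must be stored apart from shared_rows.
    """
    shared, additional_info = [], {}
    for user_id, date, price, price_bin in rows:
        pseudonym = secrets.token_hex(4)
        while pseudonym in additional_info:  # retry on the rare collision
            pseudonym = secrets.token_hex(4)
        additional_info[pseudonym] = (date, user_id)
        shared.append((pseudonym, date, price, price_bin))
    return shared, additional_info

def largest_linkable_group(rows):
    """Most records an outsider can tie together using the ID column alone."""
    return max(Counter(r[0] for r in rows).values())

def reidentify(shared, additional_info, user_id):
    """Authorized path: recover one user's rows via the additional information."""
    return [r for r in shared if additional_info[r[0]][1] == user_id]

if __name__ == "__main__":
    shared, info = pseudonymize(PURCHASES)
    print("static token:", largest_linkable_group(PURCHASES), "linkable purchases")
    print("per-record  :", largest_linkable_group(shared), "linkable purchase")
    print("authorized  :", len(reidentify(shared, info, "7abc1a23")), "rows recovered")
```

This only breaks linkage through the ID column. The exact dates and prices left in the shared rows are still indirect identifiers, which is why the page stresses protecting indirect identifiers and attributes as well.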
Key Takeaways
Statutory Pseudonymization provides greater security for data in use, especially in use cases that involve data sharing and combining. In addition, it enables data controllers and processors to reap explicit benefits under the GDPR, including reduced obligations in the event of a data breach and other express statutory allowances.
