The Trouble with Guarantees
Introduced with political fanfare and tech industry handwringing in equal measure - the European General Data Protection Regulation was nothing if not a landmark moment in the enshrining of individual rights to privacy and the definition of sweeping - and credible - means to ensure them in the internet age.
For the people of Europe and those in other regions and jurisdictions watching with envy (or dread), this was the first time in the internet age where a truly effective, fortified legislative wall was built around these unalienable rights.
But here's the rub; the wall was never quite what we thought it was. Our data, or more accurately, our digital trace (stripped of the famous Personally Identifiable Information as defined by GDPR) was still everywhere. The “wall” worked because re-identifying people from scattered, supposedly anonymous data was something only a determined investigator could do, at hundreds of pounds an hour.
Thus, GDPR is less a “wall”, more a practical obscurity, dressed up as principle. And it held during the internet age because actually testing it was intellectually and financially prohibitive; near impossible at scale.
Only… now it's 2026. And we’re no longer in the internet age, we're in the AI age. And in the first three months of this year, the wall came crashing down.
As a private individual, and a father, I care deeply about civil liberties and privacy. I believe in the mission these regulations were designed to serve. On the other hand, I've also spent years inside the digital economy, including e-commerce in its formative years - the very sector that absorbed the first wave of GDPR and then the second when Brexit forked it.
The modern economy runs not just on collecting and processing data, but also on something more fragile: the consistency and durability of the rules that govern it.
I am not a lawyer. I am increasingly unsure this is a question lawyers can answer alone.
This is a piece about three things that have happened in the last twelve weeks, what they mean for the framework most of Europe relies on, and what happens if we take that framework at its word. The answer does not appear to be an easy one.
## The Cost Collapse
In January, a Northeastern researcher showed that a language model with web access could re-identify six out of twenty-four scientists from a stripped Anthropic dataset analogous to what's left after removing GDPR-style PII. Essentially, it had only the interview transcripts and the open web. It found enough.
In February, a team including researchers from Google DeepMind and ETH Zürich linked pseudonymous accounts across platforms - Hacker News usernames to LinkedIn profiles - with 68% recall at 90% precision. The previous best without language models was close to zero.
In March, Ko and colleagues reconstructed 79% of identities from the Netflix Prize dataset (remember that from 2008?). The classical baseline managed 56%.
The new technique in this last study has a name worth remembering: inference-driven linkage. Identity reconstruction built not from personal data; but from scattered, individually unremarkable cues.
Crucially, none of these results required a custom system, specialist expertise, or proprietary data. Off-the-shelf LLMs; standard prompts; commodity web search.
That's right, breaching the wall has gone from "needs a PhD and a budget" to "needs an API key."
### The Same, Just… Easier.
The systems doing this are not magic, and it matters to be clear about that. They do what the same patient, curious investigator could always have done: combine the scattered cues into a coherent and confident identification. The novelty here isn’t the capability; it’s the price.
An ordinary digital life leaves behind more than we may care to admit. A postcode from a delivery. An employer mentioned on LinkedIn. A commute pattern visible in travel searches and check-in pings. A dietary preference across a few restaurant reviews. A single Reddit comment about a niche hobby.
None of these, alone, identifies a proper person. But the combination - carefully and painstakingly stitched together - can bring the picture into stark fidelity.
The intelligence of the investigator has not gone away. This intelligence has just been packaged, distributed, and priced at roughly the cost of a coffee.
### What it looks like in practice
The Hacker News result is the one that hit me the most. A pseudonymous account - username, posting history, no real-name information - linked to its owner's LinkedIn profile, with high confidence, in seconds.
That’s… kinda scary.
Hacker News is a den of discussions, confessions and, yes, rants. Many technical professionals invoke their employers, and occasionally their frustrations, under names specifically chosen to keep professional and personal commentary separate. The separation between those two surfaces was load-bearing for a lot of careers… and it's now gone.
### The Shift
The fallout from these papers in America has focused, reasonably, on the Fourth Amendment and the data broker industry. But the framework most of Europe and the UK rely on starts from a different premise. We have, on paper, the strongest privacy protection in the world.
But that framework is built on a distinction. The distinction rests on an assumption.
This assumption is what these three papers have made impossible to ignore.
## The Wall
The General Data Protection Regulation is, genuinely and not rhetorically, the most consequential privacy framework in the world. It governs how more than 450 million people's data is collected, stored, and used. It has been copied, in whole or in part, by jurisdictions from Brazil to California to Japan. Most importantly, it has fines with real teeth.
And, it is built on a distinction whose foundations the cost collapse has just made visible.
Why is nobody talking about this?
### The Reasonably Likely Problem
GDPR divides the world into two categories. Personal data is heavily regulated - you need a lawful basis to collect it, a clear purpose to keep it, and you owe the person it relates to a long list of rights. Anonymous data is essentially free. GDPR considers it out of scope. You can collect it, share it, sell it, train models on it. This is what much of the digital economy has learned to live off of.
But it may surprise you to learn that the line between the two is drawn by a single phrase in Recital 26 of the regulation. Data is anonymous when identification is no longer possible "taking account of all the means reasonably likely to be used."
Reasonably likely. Two words doing an enormous amount of work.
Now, what counts as reasonably likely was always supposed to move with technology. The text says so explicitly - regulators must consider "available technology and technological developments."
In practice, the test has been interpreted through a lens of practical obscurity. How much would it cost? How long would it take? What expertise would it need? If the answer was "a lot, on all three counts," the data was treated as anonymous and the framework not applied.
This contextual reading has been tested, with the Court of Justice reinforcing this twice in the past decade. In Breyer, it held that data is personal if a third party could realistically identify the individual. In the Single Resolution Board case in 2023, it refined that further: identifiability must be assessed from the recipient's perspective, weighing the means actually available to them.
Both judgments lean, hard, on the realistic difficulty of re-identification.
The Li, Carlini, and Ko results are an empirical attack on what realistic difficulty now means.
### What Does Anonymous Data Mean?
Take a regional supermarket chain that holds a few years of loyalty card data. It has studiously stripped the names and addresses. It shares the dataset with an analytics partner under the long-standing assumption - confirmed by its lawyers, blessed by its compliance team, accepted across the industry - that no personal data is involved.
Postcodes are still in there, because they are useful for regional analysis. Purchase timing is in there. Approximate household size, inferred from basket composition. Dietary patterns. Brand preferences. None of this, individually, identifies anyone.
Run an LLM agent across that dataset, with the open web for context, and the picture changes. The combination of postcode area, weekly shopping rhythm, distinctive product preferences, and one or two unusual purchases is, for many households, identifying. Not for all. But for enough that the “means reasonably likely to be used” test no longer reliably comes out the way it used to.
If that is right, then the data cannot honestly be considered anonymous. It's personal. It always was - the new technical capability has just made that visible.. Every data controller who has been processing it on the assumption that it sat outside the framework has been processing personal data without a lawful basis, without subject access rights. Without the obligations and consequences that follow.
Multiply that scenario across the UK and European economy. Loyalty schemes, transit cards, fitness trackers, streaming services, smart meters, NHS research datasets, academic social science. The structural condition is widespread. It was always invisible. It is becoming visible now.
### The Next Shift
Regulators have options. They can raise the threshold for what counts as reasonably likely. They can lean harder on contextual interpretation. They can carve out research, public interest, and statistical processing.
Each of these is defensible, but also a quiet admission that anonymisation was never a technical state but a managed policy compromise. One whose terms the public was never quite told.
And that gap matters. What much of the public believed it had been granted was privacy as a condition. What the framework was actually offering was privacy as an estimate of how expensive identification happened to be. Those are not psychologically equivalent, and the difference between them is becoming harder to keep quiet.
Two doors open from here. Regulators notice and enforce the rules as written. Or they soften the interpretation to keep the framework workable.
Neither door leads where you might expect.
## The Trap
Here is the part that, for the last decade, was easy to miss.
If GDPR is enforced consistently in this new technical landscape - distinguished by low cost, scalable inference - the consequence is not stronger privacy protection. At best, it's the maintenance of the status quo.
But in parallel, it’s the partial collapse of the data substrate that most of the digital economy currently runs on. And by extension; the biggest motor of global growth over the last two decades.
I want to be careful about how that statement reads. I am not making a libertarian argument. I am not saying regulation is impossible, or that privacy law has overreached, or indeed that the framework should be weakened.
I’m just describing what I can only term as a paradox. And this paradox is real, uncomfortable… and the discomfort is important to spell out.
### The Letter of the Law
If previously-anonymous behavioural data is reclassified as personal - and the cost collapse argues that much of it must be - then every organisation holding it needs a lawful basis to process it.
There are six lawful bases in the regulation. For data of this kind, gathered at this scale, only two are realistic candidates.
The first is legitimate interests. This requires the controller to demonstrate that its interest in processing the data outweighs the privacy impact on the individuals involved. That balancing test was always somewhat subjective. The deanonymisation papers tip the balance substantially. If your processing now exposes individuals to identification at commodity cost, the legitimate interests claim becomes much harder to defend.
The second is consent. Real consent. Specific, informed, freely given, separately granted for each purpose. Consent at the scale of a national loyalty programme, a fitness tracker user base, or a research cohort is operationally impossible. It can be requested… but it cannot be reliably obtained.
That leaves a narrow path. Delete the data. Stop collecting it.
Or accept regulatory exposure that, properly priced, is company-ending.
### The Real World
Consider a longitudinal health study run by a UK university. It has been collecting anonymised data on participants' diet, exercise, sleep, and mood for fifteen years. The dataset is one of the richest of its kind in Europe. It has produced research that has shaped public health policy. It is shared, under careful agreements, with collaborators around the world.
Under the older reading of "reasonably likely means," the dataset was anonymous and the framework didn't apply. Under the new reading, it is plausibly personal. The participants gave consent for an anonymous study. They did not give consent for a personal-data study, because no one thought they were in one. The lawful basis under which the data has been processed for fifteen years may no longer hold.
The university has three options. Re-consent every participant; a project that would take years and would lose much of the cohort. Delete the dataset and the research programme it sustains. Or carry on and hope no one looks too closely.
This is not a hypothetical.
This is the structural condition of medical research, social science, transport planning, urban policy, and a great deal of public-interest data work across the UK and Europe.
Even with GDPR’s Article 89 exemptions for scientific research, the sudden classification of this data as personal introduces compliance burdens that most academic budgets cannot survive. And so, the framework that protects citizens, applied honestly to the new technical reality, also threatens the research that serves them.
The point being that the framework isn't wrong, it’s just now asking us to choose between two diametrically opposed things we want equally.
### So, What Next?
The cost collapse has not created a new problem. It has revealed that we never had a solution, just a carefully managed, accepted risk.
The framework that protects us, applied honestly, breaks the economy that pays for it. The framework that lets the economy run, applied honestly, no longer protects us.
These are not two distinct arguments. They are the same observation seen from two angles.
We built a privacy framework on the assumption that anonymisation was a real technical state. We see now it was always something more contingent than that - and the contingency is now gone.
Faced with that, we could take the obvious route and keep enforcing the rules as written.
The harder route, the one the next decade of European data governance will have to navigate, is deciding whether we're willing to find out what those rules actually meant.
