I had always believed that we can maintain privacy by not revealing too much information about ourselves in online forums and social media. But my perspective changed whenI took a course during my graduate studies called “Privacy Aware Computing”. 

I attended the first lecture without even enrolling in the course because I wanted to know if it was something that would interest me. I was not expecting much. But I was so drawn by the subject. That single lecture was enough to convince me to take the course and by the end of it I was genuinely interested in data privacy. Even today reading articles and LinkedIn posts about this topic excites me. 

This was also where I first heard the saying “if you are not paying for a service or product, you become the product”.

I had always wondered why email services, search engines and social media platforms are free. I had the answer to this now. I realized that  we are getting their  service for our information. This feels unfair since most people are not fully aware that their information is being collected.

The other day I was searching the web for paper clips. After a while I started getting advertisements for office supplies on another website that I visited. This shows that our data is being collected from everyday online activities. Based on our online activity, organizations make detailed profiles of us. This profile is then used to push targeted ads.

Through my education and research I know that modern machine learning models thrive on data. This raises the real question: how can organizations use data to build intelligent machine learning systems without exposing sensitive information about the people behind it? That’s what this article is about.

Why Data Privacy Matters

Most of us are willing to share some personal information in exchange for convenient digital services. But few of us expect that data to be exposed, sold, or used in ways we never agreed to.

Here’s what I find unsettling: modern datasets often contain enough information to reveal surprisingly detailed insights about individuals — even when the obvious identifiers are gone. Remove someone’s name, and you might still be able to figure out exactly who they are from what’s left.

As machine learning becomes more central to how organizations analyze data, protecting privacy has become a critical consideration. The goal isn’t to stop data-driven innovation — it’s to make sure valuable insights can be extracted without compromising the people behind the data.

Why Traditional Anonymization Isn't Enough

The obvious first instinct is anonymization — strip out names, email addresses, phone numbers, and you’re done, right? At first glance this seems reasonable. If a person’s name is removed, how can they be identified?

Turns out, pretty easily sometimes.

Many datasets contain what researchers call quasi-identifiers: age, gender, ZIP code, occupation, education level. None of these identifies you alone. But combined? A 42-year-old female software engineer in a small town might be one of three people who match that description. An attacker can link data from multiple sources and use these combinations to re-identify individuals — a technique known as a re-identification attack (or linkage attack).

This isn’t theoretical. Researchers have repeatedly demonstrated that supposedly anonymized datasets — medical records, location data, movie ratings — can be de-anonymized with surprisingly little effort. Removing names is a start, but it’s nowhere near enough.

The Rise of Privacy Enhancing Technologies (PETs)

So if anonymization alone doesn’t cut it, what does? This is where Privacy Enhancing Technologies (PETs) come in. I’ll be honest — when I first heard that term, it sounded like marketing speak. But the underlying techniques are genuinely clever, and understanding them changed how I think about the privacy problem.

PETs help organizations use data more responsibly by reducing privacy risks while still enabling valuable analysis. Instead of choosing between privacy and progress, they help find a middle ground. There’s no single solution — different techniques approach the problem from different angles.

In this article, I’ll focus on three that I think are the most important to understand:

k-Anonymity — makes individuals hard to distinguish from others in a dataset

Differential Privacy — adds carefully calibrated noise to protect individual contributions

Federated Learning — trains models without ever centralizing the raw data

k-Anonymity

k-Anonymity is one of the oldest tricks in the book, and honestly, it’s elegant in its simplicity. The idea: ensure that every record in a dataset is indistinguishable from at least k-1 other records.

If a dataset satisfies 5-anonymity (k = 5), then for any individual’s record, there are at least four others who look identical based on the key attributes. An attacker can’t pinpoint you — they’re looking at a group, not a person.

To get there, data gets generalized. Instead of recording that someone is 42 years old, you record 40–45. Instead of a full ZIP code, just the first three digits. You lose some precision, but you gain meaningful protection.

That said, k-Anonymity is showing its age a little. It’s a solid foundation — and it laid the groundwork for much of what came after — but it has known weaknesses, particularly when the remaining attributes are very homogeneous (a problem later addressed by techniques like l-diversity). Still, for many use cases, it remains a practical and accessible starting point.

Differential Privacy

Of the three techniques, differential privacy is the one I find most mathematically satisfying. The core idea: the outcome of any analysis should remain nearly the same whether or not any particular individual’s data was included. To make that happen, carefully calibrated statistical noise is added to the results before they’re released.

A simple example: imagine a researcher wants the average age of patients in a hospital. With differential privacy, a small random value gets added to the result before it’s reported. The number is slightly off — but still useful for research — and no one can tell whether any specific patient was in the dataset.

What makes this powerful is the mathematical guarantee. It’s not just “we tried to protect privacy” — it’s a provable bound on how much an attacker can learn about any individual, regardless of what external information they have. That’s a fundamentally different kind of claim than traditional anonymization makes.

Apple, Google, and the U.S. Census Bureau have all deployed differential privacy in real systems. That’s a good sign it’s moved beyond theory into something practically useful.

Federated Learning

Federated learning flips the traditional model training approach on its head. Normally, you gather all the data in one place and train your model there. Federated learning asks: what if the model goes to the data instead?

The model is distributed to individual devices or organizations, trained locally on their data, and then only the model updates — not the raw data — get sent back to a central server. Your data never leaves your device.

The keyboard autocomplete on your phone is probably the most familiar example. Rather than uploading typing data to a central server, the model trains directly on your device. You get smarter predictions; the company never sees what you actually typed.

Where I think this gets really interesting is in healthcare. Multiple hospitals might want to collaborate on a disease prediction model — but sharing patient records across institutions is legally and ethically fraught. Federated learning lets each hospital train on its own data and contribute model updates, without ever exposing the underlying records. The resulting model benefits from all that data without anyone having to hand it over.

In practice, federated learning is often combined with differential privacy for an extra layer of protection — because even model updates can sometimes leak information about the data they were trained on.

Privacy vs Utility: The Core Challenge

Here’s something I think doesn’t get said enough: every privacy gain costs something. That’s not a failure of these techniques — it’s just the reality of the problem.

Generalize too aggressively for k-Anonymity and your data becomes too coarse to be useful. Add too much noise for differential privacy and your results drift from reality. Federated learning introduces coordination overhead that can slow things down significantly.

None of this means privacy and utility are mutually exclusive — they’re not. But it does mean there’s no free lunch. The right technique depends on the specific context: how sensitive is the data, how accurate does the analysis need to be, and what’s the actual threat model? Those questions should drive the choice, not convenience.

Conclusion

The thing I keep coming back to is that privacy isn’t a feature you bolt on at the end. It has to be part of how a system is designed from the start. Traditional anonymization was a reasonable first instinct — it just isn’t enough anymore.

Techniques like k-Anonymity, differential privacy, and federated learning don’t solve the problem perfectly — nothing does. But they give us real, principled ways to extract value from data while treating the people behind it with some respect. As data volumes keep growing and machine learning keeps expanding into sensitive domains, understanding these tools isn’t optional. It’s table stakes for building systems people can actually trust.

References

Dwork, C., & Roth, A. (2014). The Algorithmic Foundations of Differential Privacy.

Sweeney, L. (2002). k-Anonymity: A Model for Protecting Privacy.

McMahan, B., Moore, E., Ramage, D., Hampson, S., & Arcas, B. A. Y. (2017). Communication-Efficient Learning of Deep Networks from Decentralized Data.

© 2026 Swetha Srihari. All rights reserved.