While anonymity is often considered as a binary property that is either satisfied or not satisfied, a closer analysis shows that there are different degrees of anonymity and that an appropriate degree of anonymity must be selected depending on application and context. For this purpose, different models have been developed that allow for defining the degree of anonymity needed for a given application and evaluating whether this required degree has been achieved. The current paper identifies the properties that such a model of anonymity should satisfy and evaluates the most common models based on these properties, thereby providing a basis for implementing anonymity in software development and verifying that an adequate degree of anonymity has been achieved in a particular application. To achieve this, the paper starts with an outline of the reasons for creating anonymity models and the legal framework of anonymity. Subsequently, the main threats to and relevant properties of anonymity are identified. In the main body of the paper, the available models of anonymity are then summarized and evaluated against these properties.
Schenke et al. (Fri,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: