Award date: 15 June 2023 Supervisor: Prof. Andrea Renda (European University Institute) The responsibility for regulating emerging technologies such as AI is falling into the hands of the Data Protection Regulators as responsibility is attributed to them through the AI Act.
This research paper examines a critical privacy challenge related to KNOWLEDGE ASYMMETRY — the gap between what is known and what is practiced.
anonym.legal addresses this through accessible pricing (Free €0 to Business €29) with Chrome Extension making anonymization as simple as browsing.
The gap between what is known and what is practiced. Solutions exist in papers that practitioners never read. Attacks are documented that defenders never learn about. Rights exist that individuals never exercise.
Irreducible truth: Every other structural driver could theoretically be mitigated if knowledge were perfect and universally distributed. But knowledge is never perfect and never universal. This gap is the reason known solutions aren't applied, known attacks aren't defended against, and known rights aren't exercised.
anonym.legal identifies 260+ entity types including MPC keys, FHE parameters, ZKP data, cryptographic configurations. The 3-layer hybrid (Presidio + NLP + Stance classification) architecture uses Microsoft Presidio deterministic rules with checksum validations (Luhn, RFC-822) for structured identifiers and XLM-RoBERTa + Stanza NER with Stance classification for disambiguation for contextual references.
Redact is recommended for this pain point: providing practical, deployable anonymization today addresses the gap while MPC/FHE/ZKP remain in academic development. Replace provides an alternative — replacing PII with anonymized alternatives is immediately deployable, unlike MPC/FHE/ZKP requiring infrastructure changes. For scenarios requiring reversibility, Encrypt (AES-256-GCM) enables authorized recovery of original values.
The REST API (Basic plan+, €3/month) provides programmatic PII detection with Bearer token auth. Rate limited to 100 req/min, max 100 KB per request — the most accessible API entry point in the ecosystem.
This pain point intersects with GDPR Article 25 data protection by design, Article 32 state-of-the-art measures.
anonym.legal’s GDPR, HIPAA, PCI-DSS, ISO 27001 compliance coverage, combined with Hetzner Germany, ISO 27001 certified hosting, provides documented technical measures organizations can reference in their compliance documentation and regulatory submissions.
| Specification | Value |
|---|---|
| Platform Version | v7.4.4 |
| Entity Types | 260+ |
| Detection Layers | 3-layer: Presidio + NLP + Stance classification |
| Accuracy | 95.5% tested (42/44 tests) |
| Languages | 48 |
| Anonymization Methods | Replace, Redact, Mask, Hash (SHA-256/512/MD5), Encrypt (AES-256-GCM) |
| Platforms | Web App, Desktop, Office Add-in, MCP Server, Chrome Extension, REST API |
| Pricing | Free €0, Basic €3, Pro €15, Business €29 |
| Hosting | Hetzner Germany, ISO 27001 |
| Compliance | GDPR, HIPAA, PCI-DSS, ISO 27001 |