The Conundrum of Trustworthy Research on Attacking Personally Identifiable Information Removal Techniques

Sebastian Ochs, Ivan Habernal


Abstract
Removing personally identifiable information (PII) from texts is necessary to comply with various data protection regulations and to enable data sharing without compromising privacy. However, recent works show that documents sanitized by PII-removal techniques are vulnerable to reconstruction attacks. Yet, we suspect that the reported success of these attacks is largely overestimated. We critically analyze the evaluation of existing attacks and find that data leakage and data contamination are not properly mitigated, leaving the question whether or not PII removal techniques truly protect privacy in real-world scenarios unaddressed. We investigate possible data sources and attack setups that avoid data leakage and conclude that only truly private data can allow us to objectively evaluate vulnerabilities in PII removal techniques. However, access to private data is heavily restricted—and for good reasons—which also means that the public research community cannot address this problem in a transparent, reproducible, and trustworthy manner.
Anthology ID:
2026.cl-2.8
Volume:
Computational Linguistics, Volume 52, Issue 2 - June 2026
Month:
June
Year:
2026
Address:
Cambridge, MA
Venue:
CL
SIG:
Publisher:
MIT Press
Note:
Pages:
725–757
Language:
URL:
https://preview.aclanthology.org/codex___ingest-cl-2026-issue-2/2026.cl-2.8/
DOI:
10.1162/coli.a.615
Bibkey:
Cite (ACL):
Sebastian Ochs and Ivan Habernal. 2026. The Conundrum of Trustworthy Research on Attacking Personally Identifiable Information Removal Techniques. Computational Linguistics, 52(2):725–757.
Cite (Informal):
The Conundrum of Trustworthy Research on Attacking Personally Identifiable Information Removal Techniques (Ochs & Habernal, CL 2026)
Copy Citation:
PDF:
https://preview.aclanthology.org/codex___ingest-cl-2026-issue-2/2026.cl-2.8.pdf