Your ‘Anonymous’ Data Shouldn’t Be Able to Re-Identify You—But It Can