There are plenty of examples about re-identification, the identification of an individual from a supposedly “anonymized” data set.
In this latest – absolutely fascinating – case, Hagen Echzell demonstrates (PDF) how it is possible to locate the Norwegian prime minister from a data set derived from their national Covid tracing app: by simply searching for certain known moves of the PM, her smartphone could be identified from the data (the most common pattern for re-identification: combining pseudonyms in data with third-party data connected to individuals suspected to be present in the data set).
This is yet another warning how what a layperson may consider “anonymous” (no identifiable data points) can still have the potential to trace an individual. Whenever dealing with personal data, it is safest to assume that “anonymous” does not exist and that “anonymized” data is, in fact, pseudonymized – how to deal with this data largely depends on the threat models for the individuals at risk.
More recommended reading on the topic: