London's transport authority has come under fire for releasing data that allowed anyone with a computer to track the movements of people using its bike-share scheme.
A researcher at the University of Nottingham told BuzzFeed that this incident should never have occurred, particularly with information that is especially personal.
Dr Gilad Rosner, who specialises in digital identity and privacy, said that TfL should be applauded for encouraging the idea of open data but were careless in their approach, particularly with something as sensitive as movement data.
This comes after James Siddle downloaded the data, freely available from TfL's website, and created visualisations to highlight the potential privacy implications.
Siddle, 38 also suggested in a blog post that "with a little effort, it's possible to find the actual people who have made the journeys".
Information from TfL's datasets include the start and end location as well as journey times. Crucially, until Siddle's blog post, this information also included a unique customer ID, which means that users could download the datasets and potentially predict a user's movements.
This means anyone who downloaded the data would have been able to narrow down journeys made by individual commuters.
Siddle claims he informed the department about the privacy issue and a spokesperson for TfL told BuzzFeed that it took down the entire dataset following his blog post.
It re-published the data late last week after removing any sensitive information but emphasised that it would be very difficult to track down individuals.
But Siddle's blog post refuted these claims. "All that's needed to work out who this profile belongs to is one bit of connecting information," he wrote.
Although a TfL spokesperson told BuzzFeed it would be very difficult to identify specific individuals, Siddle claims that pseudonymised data can become very personal when combined with other datasets.
TfL told BuzzFeed that the information was erroneously made available when transferring to their new website last year.
TfL's General Manager of Cycle Hire, Nick Aldworth, said: "We're committed to improving transparency across all our services and publish a range of data for customers and stakeholders online.
"Due to an administrative error, anonymised user identification numbers were shown against individual trips made between 22 July 2012 and 2 February 2013.
"The data, which did not identify any individual customers online, was removed as soon as the matter was brought to our attention."