The only way to properly anonymize data is to aggregate it in such a way that you can't undo the aggregation. Anonymized data can nearly always be de-anonymized if you have either a) sufficient volume of data or b) access to the raw non-anonymized source data.
The problem is that most data surveillance systems store the raw source data instead of just keeping metrics in aggregate form. Thus, it's almost always possible to de-anonymize data.