If good methods have been applied, the risk of re-identification can be very small. I think that, in many of those examples, good methods were not applied. They demonstrate the importance of applying good methods and good practices.
As I mentioned, the risk is not going to be zero. There's always some risk. You manage that residual risk by putting in place additional controls, such as additional security controls, privacy controls and contractual controls.
Overall, the risk can be quite small. The approaches work well in practice when they have been applied properly.