Personal Data Flashcards
What is personal data?
Defined by Article 4 (1).
a) Information (name, id#, location)
b) Relating to (impact on a person’s privacy rights).
c) an identified or identifiable (direct or indirect identifiers)
d) natural person.
Dynamic IP addresses could be personal data per CJEU ruling - because combining it with ISP data could identify a person.
Cookies are another example of indirect ids.
What’s the difference between anonymous and pseudonymous data?
Anonymous data is shorn of identity. Hence not protected by GDPR.
Pseudonymous data, on the other hand, only temporarily disassociates the identity. It is a security measure. It is possible to reconstruct the original data from it. Hence is covered by GDPR.
What are special categories of personal data denoted by GDPR?
Article 9 (1) denotes personal data that is sensitive and under what conditions it may be processed. These are: racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, health data, genetic data, biometric data etc.
What does GDPR say about criminal data?
Article 10 says that processing such data shall be carried out under the control of official authority.
What aspects of information about a person makes it personal data?
Personal data is defined as “any information”.
Nature, content and format make it personal data.
Nature - statement about a person that is subjective or objective
Content - Information about the individual’s private and public life. Even IP addresses and cookies are personal data.
Format - Information processed by automated means or manual (filing system).
With personal data, what does the term “relating to” imply?
Information could be about that person (e.g. name, SSN, etc.)
Information about objects (e.g. individual owns a car, value of the car), processes or event may constitute personal data.
Content, Purpose and Result determine whether information relates to an individual.
a) Content - e.g. result of a test is related to a student
b) Purpose - if the information evaluates, considers or analyses individual in a certain way
c) Result - when the processing of information has an impact on the individual’s rights.