Personal Data Flashcards

1
Q

What is personal data?

A

Defined by Article 4 (1).
a) Information (name, id#, location)
b) Relating to (impact on a person’s privacy rights).
c) an identified or identifiable (direct or indirect identifiers)
d) natural person.

Dynamic IP addresses could be personal data per CJEU ruling - because combining it with ISP data could identify a person.
Cookies are another example of indirect ids.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What’s the difference between anonymous and pseudonymous data?

A

Anonymous data is shorn of identity. Hence not protected by GDPR.
Pseudonymous data, on the other hand, only temporarily disassociates the identity. It is a security measure. It is possible to reconstruct the original data from it. Hence is covered by GDPR.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are special categories of personal data denoted by GDPR?

A

Article 9 (1) denotes personal data that is sensitive and under what conditions it may be processed. These are: racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, health data, genetic data, biometric data etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What does GDPR say about criminal data?

A

Article 10 says that processing such data shall be carried out under the control of official authority.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What aspects of information about a person makes it personal data?

A

Personal data is defined as “any information”.
Nature, content and format make it personal data.
Nature - statement about a person that is subjective or objective
Content - Information about the individual’s private and public life. Even IP addresses and cookies are personal data.
Format - Information processed by automated means or manual (filing system).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

With personal data, what does the term “relating to” imply?

A

Information could be about that person (e.g. name, SSN, etc.)
Information about objects (e.g. individual owns a car, value of the car), processes or event may constitute personal data.
Content, Purpose and Result determine whether information relates to an individual.
a) Content - e.g. result of a test is related to a student
b) Purpose - if the information evaluates, considers or analyses individual in a certain way
c) Result - when the processing of information has an impact on the individual’s rights.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly