Abstract
The primary scope of application of the General Data Protection Regulation—Regulation (UE) 2016/679 (GDPR)—is ‘personal data’; ‘data’ that is not personal data can be freely processed within the legal framework of the Regulation (UE) 2018/1807. Although the European data protection framework recognises these two categories of data—‘personal data’ and ‘non-personal data’—reality reveals ‘a lot in between’ the opposite endpoints. There are accordingly considerable complications in drawing the boundaries between personal and non-personal data. In this article, we will review some of the main issues related to the usual classification of data as personal, anonymous, pseudonymous, de-identified data, and suggest that the most realistic way to approach the different problems is to recognise the dynamic nature of the data.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Article 29 Working Party (2007) Opinion 04/2007 on the concept of personal data. https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2007/wp136_en.pdf
Article 29 Working Party (2014) Opinion 05/2014 on anonymisation techniques. https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf
Bohannon J (2015) Privacy. Credit card study blows holes in anonymity. Science 347:468–468
Booth S, Jenkins R, Moxon D, Semmens N, Spencer C, Taylor M, Townend D (2004) What are ‘personal data’? A study conducted for the UK Information Commissioner, University of Sheffield. https://www.frareg.com/cms/wp-content/uploads/personal_data.pdf
Burgin M (2010) Theory of information. Fundamentality, diversity and unification. World Scientific Publishing, Singapore
Ducato R (2016) La crisi della definizione di dato personale nell’era del web 3.0. Una lettura civilistica in chiave comparata. In: Cortese F, Tomasi M (eds) Il diritto e le definizioni. Edizioni Scientifiche Italiane, Napoli, pp 145–178
Finck M, Pallas F (2020) They who must not be Identified—distinguishing Personal from Non-Personal Data under the GDPR. Int Data Priv Law 10(1):11–36
Floridi L (2009) Philosophical conceptions of information. In: Sommaruga G (ed) Formal theories of information: from Shannon to semantic information theory and general concepts of information. Springer, Berlin, Heidelberg, pp 13–53
George D, Reutimann K, Tamò-Larrieux A (2019) GDPR bypass by design? Transient processing of data under the GDPR. Int Data Priv Law 9(4):285–298
Groos D, van Veen E-B (2020) Anonymised data and the rule of law. Eur Data Prot Law Rev 4(6):1–11
Irti C (2020) Dato personale, dato anonimo e crisi del modello normativo dell’identità. Ius civile (2):379–397
Mourby M, Mackey E, Elliot M, Gowans H, Wallace SE, Bell J, Smith H, Aidinlis S, Kaye J (2018) Are ‘pseudonymised’ data always personal data? Implications of the GDPR for administrative data research in the UK. Comput Law Secur Rev 34(2):222–233
Ohm P (2010) Broken promises of privacy: responding to the surprising failure of anonymization. UCL Law Rev 57:1701–1711
Pellecchia E (2020) Dati personali, anonimizzati, pseudonimizzati, de-identifcati: combinazioni possibili di livelli molteplici di identificabilità nel GDPR. Le Nuove Leggi Civili Commentate 2:360–373
Purtova N (2018) The law of everything. Broad concept of personal data and future of EU data protection law. Law Innov Technol 10(1):40–81
Stalla-Bourdillon S, Knight A (2017) Anonymous data v. personal data—a false debate: an EU perspective on anonymisation, pseudonymisation and personal data. Wis Int Law J 34:284–322
Zech H (2015) Information as property. J Intell Prop Inf Technol Electron Comp 6:192–197
Zech H (2016a) A legal framework for a data economy in the European Digital Single Market: rights to use data. J Intellect Prop Law Pract 11(6):460–470
Zech H (2016b) Data as a tradeable commodity. In: De Franceschi A (ed) European contract law and the digital single market. Intersentia, Cambridge, pp 51–81
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Irti, C. (2022). Personal Data, Non-personal Data, Anonymised Data, Pseudonymised Data, De-identified Data. In: Senigaglia, R., Irti, C., Bernes, A. (eds) Privacy and Data Protection in Software Services. Services and Business Process Reengineering. Springer, Singapore. https://doi.org/10.1007/978-981-16-3049-1_5
Download citation
DOI: https://doi.org/10.1007/978-981-16-3049-1_5
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-3048-4
Online ISBN: 978-981-16-3049-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)