Download to read offline
Uploaded byePSI Platform
Track H Hans Graux
This document discusses the definition of personal data and how it relates to public sector information (PSI). It notes that personal data is defined as any information relating to an identifiable natural person. However, determining identifiability can be complex, as it depends on the means and purposes of processing. The document examines a blurry real-life case of whether crime data in Manchester would constitute personal data. It also questions whether purely geographical data like addresses and coordinates should always be considered personal data. The document advocates for a pragmatic approach that distinguishes personal data based on its inherent nature from data that only becomes personal based on its contextual use and processing. If identifiability is not a foreseeable result of
More Related Content
Track H Hans Graux
- 1. PSI as personaldata: moving towards pragmatism Hans Graux, ICT Lawyer
- 2. Personal data anddata subjects Definition: “any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity” 2
- 3. Not so easy… Recital 26: “to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person” Opinion WP136 on the Concept of Personal Data (2007): “One should consider costs, intended purpose, modalities of processing, incentives, interests for the individuals, and organisational/technical risks” 3
- 4. Personal data inPSI Crime data in Manchester – personal data? 4
- 5. Blurry real lifecase Personal data Not personal data 5
- 6. Pushing the limits… Adress lists and purely geographic data: – Main Street has houses numbered from 1 to 250; – Statue of Local Hero is located at coordinates 50.877931,4.703541; – A nice shrubbery is planted at 50.86075,4.756103 Personal data? Surely not… 6
- 7. Seeking reason… Pragmaticapproach: distiction between: – Personal data from its nature: contact data, health data, pictures of persons,… : law clearly applies – Personal data from its contextual use: geolocation, pictures of environments, object data, …: only become personal data when their use implies a linking to natural persons. If identifiability (whether intended or not) is not a foreseeable result of normal use, then data protection laws do not apply. Not so much based on law, but on realism 7
Editor's Notes
- #5 UKCrimeStats. the UK Information Commissioner (ICO), who monitors compliance with data protection laws in the UK, has issued specific guidelines on crime maps and data protection compliance. The ICO noted that relevant factors for assessing compliance would include: the granularity of the crime-map the regularity of data uploads the sensitivity of the crime the information recorded on the map, and the availability of other sources of information The guidelines require those who publish crime maps to implement appropriate procedures to address the concerns of victims of crime who fear that the maps reveal their identity, or the objections of house owners whose property value diminishes as a result of incorrectly attributed data. The ICO also explicitly warned against any practices that would allow a specific household to be linked to a particular crime, noting that this would likely constitute an unfair processing of personal data. Thus, the recommendation is to clearly avoid making the information needlessly specific. Crime-mapping, privacy and transparency: advice from the Information Commissioner’s Office, published on 24 November 2010; see http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Detailed_specialist_guides/crime_mapping_advice.ashx
- #6 Not personal data: scale 1:2.000