European Data Protection Authorities Provide New Guidance on “Personal Data”
Data protection law protects the privacy of "personal data," however this term is deceptively simple. A number of factors have recently highlighted the difficulties in defining it, including the advent of new technological advances, the techniques of "de-identifying" data, and an increase in attempts to use data protection law for purposes for which they were not originally designed (at least in the UK). Those holding data, individuals and regulators alike, often struggle in determining when a particular piece of information should be considered personal data. The issue is fundamental. If data is not "personal data," data protection regimes do not generally apply. To name but two consequences: the subjects of that data would not have rights to access it and the controllers of that data would not need to worry about transferring it outside the EEA.