So what is Personally Identifiable Information
This is a topic that comes up all the time and there are various views out there so I wanted to add to the debate.
I specifically want to emphasise 2 key points:
Personal Information - any information relating to an identified or identifiable natural person.
So what is an "identifiable natural person"? GDPR go on to explain that this is someone who "can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person"
It is also important to stress that GDPR and EU law seeks to incorporate into this definition as many pieces of information about you as possible.
As an example, recently the European Court of Justice ruled in a court case between Patrick Breyer and the German Government that dynamic IP Addresses should also be considered as personal data. IP addresses are the unique address your computer or smartphone has when on the internet and is normally temporary, i.e. dynamic. It changes frequently, for example each time you go on the internet or after a few days.
So it must be stressed that personal information does not only have to be your name for example but anything that can help uniquely identify you amongst other people.
This is where the context also applies. For example in a classroom or work environment your first name may be unique enough for everybody to know they are talking about you but would not be enough when referring to everybody who lives in your town.
Cookies for example often only use a unique number to refer to you as you visit various websites. They do not know your name or email address and rely on this unique identify to link your search history, sites you visit or items you look at in order to better know you and serve up more helpful adverts. That assumes you find them helpful of course.
So there you have it. There is a lot more detail to this and how personal information is obtained, stored, used by companies and in what circumstances it really is personal information but hopefully this helped give a quick overview.
Did this help you? Please let me know by liking this article, sharing with your network and added any thoughts and comments too.
I specifically want to emphasise 2 key points:
- It is not just about your name
- It needs to be contextualised
Definition
The new General Data Protection Regulation (for short we will call it GDPR) defines it as follows:Personal Information - any information relating to an identified or identifiable natural person.
So what is an "identifiable natural person"? GDPR go on to explain that this is someone who "can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person"
It is also important to stress that GDPR and EU law seeks to incorporate into this definition as many pieces of information about you as possible.
As an example, recently the European Court of Justice ruled in a court case between Patrick Breyer and the German Government that dynamic IP Addresses should also be considered as personal data. IP addresses are the unique address your computer or smartphone has when on the internet and is normally temporary, i.e. dynamic. It changes frequently, for example each time you go on the internet or after a few days.
Application
So it must be stressed that personal information does not only have to be your name for example but anything that can help uniquely identify you amongst other people.
This is where the context also applies. For example in a classroom or work environment your first name may be unique enough for everybody to know they are talking about you but would not be enough when referring to everybody who lives in your town.
Cookies for example often only use a unique number to refer to you as you visit various websites. They do not know your name or email address and rely on this unique identify to link your search history, sites you visit or items you look at in order to better know you and serve up more helpful adverts. That assumes you find them helpful of course.
So there you have it. There is a lot more detail to this and how personal information is obtained, stored, used by companies and in what circumstances it really is personal information but hopefully this helped give a quick overview.
Did this help you? Please let me know by liking this article, sharing with your network and added any thoughts and comments too.
Comments
Post a Comment