Closed chaals closed 4 months ago
Data data data data person data data data data data personal data. I don't see what the problem is @chaals.
Is this better: If data could be combined with another data source to reasonably identify or re-identify someone, then that data is personal data.
?
The problem is identifying whether the thing described as personal data is the "data that could be combined", the "other data", both when combined, each of them individually a priori, or something else.
So no, rephrasing as
If data could be combined with another data source to reasonably identify or re-identify someone, then that data is personal data.
doesn't solve the problem.
I think both the data and the other data each individually wind up being personal data, since "combining" is commutative on data. +1 that the phrasing is confusing. I also think the concept itself is confusing and not fully captured by any definition I've seen, since "the moon is round" can be combined with "Person X is Jeffrey Yasskin" to identify me. Since people with much greater expertise have failed to make this clear, I think we gave up on trying to do better than them.
Hmm. So that sort of matches what I am thinking.
Data that is sufficient to identify a specific person is "Personal Data". This can be directly gathered, or created by collecting information from more than one source and merging it to provide more detail.
The problem is that people generally have no concept of consent to the merging of different data sources, and no real ability to manage the process, for example to exercise any legal rights they have, nor even to express an opinion on their wishes.
I'm not sure that really comes out in the document, although the explanations of how unrealistic it is for people to manage their privacy individually hints at it.
The sentence
is hard to understand, and in particular it is unclear what the final instance of "data" actually refers to.