- From: Christine Runnegar <runnegar@isoc.org>
- Date: Tue, 16 Oct 2012 19:41:34 +0200
- To: "public-privacy@w3.org mailing list)" <public-privacy@w3.org>
Opinion of the Article 29 Data Protection Working Party adopted on 5 October 2012 http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp199_en.pdf The Opinion regarding the EU data protection reform package covers a number of aspects. The following extracts may be of particular interest to this group: Pages 5-6 - Definition of personal data Extract: ".... One of the main conclusions of this analysis is that a natural person can be considered identifiable when, within a group of persons, he or she can be distinguished from other members of the group and consequently be treated differently. It is therefore suggested to clarify in Recital 23 and Article 4 that the notion of identifiability also includes singling out in this way. Recital 23: ‘The principles of protection should apply to any information concerning an identified or identifiable person and any information allowing a natural person to be singled out and treated differently. To determine whether a person is identifiable, account should be taken of all the means reasonably likely [delete: reasonably] to be used either by the controller or by any other person to identify the individual. The principles of data protection should not apply to data rendered anonymous in such a way that the data subject is no longer identifiable.’5 Article 4 (2): 'data subject' means an identified natural person or a natural person who can be identified, directly or indirectly, or singled out and treated differently, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person’. .... The Working Party therefore suggests changing recital 24 accordingly. Recital 24: ‘When using online services, individuals may be associated with online identifiers provided by their devices, applications, tools and protocols, such as Internet Protocol addresses or cookie identifiers. This may leave traces which, combined with unique identifiers and other information received by the servers, may be used to create profiles of the individuals and identify or single them out. It follows that identification numbers, location data, online identifiers or other specific factors as such should as a rule be considered [delete:need not necessarily be considered as] personal data [delete: in all circumstances].’ ..." Page 7 - Consent
Received on Tuesday, 16 October 2012 17:42:05 UTC