- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Sun, 9 Dec 2018 21:27:32 +0100
- To: public-dpvcg <public-dpvcg@w3.org>
Hello all. I have tried to find some broad dimensions along which personal data can be categorised. I think the categories suggested by IAPP are good enough to discuss. From IAPP https://enterprivacy.com/wp-content/uploads/2018/09/Categories-of-Personal-Information.pdf * internal * knowledge & belief * authenticating * preference * historical * life history * financial * account * ownership * transactional * credit * external * identifying * ethnicity * sexual * behavioral * demographic * medical and health * physical characteristic * social * professional * criminal * public life * family * social network * communication * tracking * computer device * contact * location As for Special categories of data, GDPR A9(1) provides the following: * Race & Ethnicity * Political, religious, or philosophical beliefs, including union membership * Health, sex life, and sexual orientation * Genetic and biometric data (for the purpose of uniquely identification) In addition, the Irish DPC provided this about requiring a DPIA. "List of Types of Data Processing Operations which require a Data Protection Impact Assessment" https://dataprotection.ie/documents/Data-Protection-Impact-Assessment.pdf - which had the phrase "Profiling/Evaluation - Evaluating, scoring, predicting of individuals’ behaviours, activities, attributes including location, health, movement, interests, preferences;" Regarding anonymisation, personal data can be anonymised in different ways under the GDPR, and which might be of relevance w.r.t. compliance. If I remember correctly, this was suggested by Hintze in "Viewing the GDPR through a De-Identification Lens: A Tool for Compliance, Clarification, and Consistency" pseudo-anonymisation levels: * identifiable personal data * pseudo-anonymous data that can be de-anonymised by the controller * pseudo-anonymous within organisation that cannot be de-anonymised by the controller * anonymous data Which also brings the question whether we should define or allow to define attributes which act as "identifiers" to identify individuals or de-anonymise data. Regards, -- --- Harshvardhan J. Pandit PhD Researcher ADAPT Centre, Trinity College Dublin https://harshp.com/
Received on Sunday, 9 December 2018 20:27:56 UTC