This article defines the term “personal data” as it relates to privact.
A person in this context is an identified or identifiable living natural person.
“Personal data” is any information that
- relates to a person, or
- was created by a person.
The definition should be applied as broadly as possible. The user is the owner of all her personal data. Therefore, the user has the unlimited right to grant and deny permissions to access, modify or process this data.
Personal data that is fully anonymized, such that it cannot be de-anonymized, is no longer considered personal data. This can be hard to achieve: even an anonymized location statistic can be de-anonymized if only one person lives in the area in question, or, more generally, whenever the resulting statistic contains extreme outliers. Fingerprinting must also be considered, that is, whether the data can be de-anonymized by combining it with other data. If it can, it is not fully anonymized.
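As an added illustration of the two re-identification cases in this paragraph (example code written for this page, not part of the article or of privact; the record layout, column names and sample rows are constructed), the Go program below checks a released statistic for records that are alone in their equivalence class: first over the location column only, where a district with a single resident gives that person away, then over a combination of columns, where rows that were safe by each column alone become unique. Suppress shows the usual remedy of dropping the small classes before release.

```go
package main

import (
	"fmt"
	"strconv"
)

// Record is one row of a released statistic after the direct identifier (the name)
// was stripped. The remaining columns are quasi-identifiers: harmless alone, but
// in combination they can match exactly one person.
type Record struct {
	Area      string // postcode or district
	BirthYear int
	Sex       string
	Diagnosis string // the sensitive value the release is about
}

// field returns one quasi-identifier as text so classes can be keyed on any column set.
func (r Record) field(name string) string {
	switch name {
	case "area":
		return r.Area
	case "birth_year":
		return strconv.Itoa(r.BirthYear)
	case "sex":
		return r.Sex
	}
	panic("unknown column " + name)
}

func classKey(r Record, cols []string) string {
	key := ""
	for _, c := range cols {
		key += r.field(c) + "|"
	}
	return key
}

// ClassSizes counts the records sharing each combination of the given columns
// (an "equivalence class" in k-anonymity terms).
func ClassSizes(rs []Record, cols []string) map[string]int {
	sizes := map[string]int{}
	for _, r := range rs {
		sizes[classKey(r, cols)]++
	}
	return sizes
}

// filter keeps the records whose class size satisfies keep.
func filter(rs []Record, cols []string, keep func(size int) bool) []Record {
	sizes := ClassSizes(rs, cols)
	var out []Record
	for _, r := range rs {
		if keep(sizes[classKey(r, cols)]) {
			out = append(out, r)
		}
	}
	return out
}

// SingledOut returns the records that are alone in their class: anyone who knows
// those attributes from elsewhere (a phonebook, a social profile) can link the
// sensitive column to a person, so the release is not anonymous.
func SingledOut(rs []Record, cols []string) []Record {
	return filter(rs, cols, func(n int) bool { return n == 1 })
}

// Suppress drops the records in classes smaller than k; together with coarsening
// or dropping columns, this is the usual way to make a release k-anonymous.
func Suppress(rs []Record, cols []string, k int) []Record {
	return filter(rs, cols, func(n int) bool { return n >= k })
}

// IsKAnonymous reports whether every class over cols has at least k members.
func IsKAnonymous(rs []Record, cols []string, k int) bool {
	for _, n := range ClassSizes(rs, cols) {
		if n < k {
			return false
		}
	}
	return true
}

// Sample is constructed data: district 67890 has a single resident (the outlier
// case) and district 12345 looks safe until columns are combined.
func Sample() []Record {
	return []Record{
		{"12345", 1985, "f", "flu"},
		{"12345", 1985, "m", "asthma"},
		{"12345", 1990, "f", "flu"},
		{"12345", 1990, "f", "diabetes"},
		{"67890", 1985, "f", "flu"},
	}
}

func main() {
	rs := Sample()
	fmt.Println("alone by area:", SingledOut(rs, []string{"area"}))
	fmt.Println("alone by area+birth_year+sex:", SingledOut(rs, []string{"area", "birth_year", "sex"}))
	kept := Suppress(rs, []string{"area", "birth_year"}, 2)
	fmt.Println("2-anonymous on area+birth_year after suppression:", IsKAnonymous(kept, []string{"area", "birth_year"}, 2))
}
```

On the sample data, the area column alone already singles out the lone resident of 67890, and the combination area + birth year + sex singles out three of the five rows even though district 12345 has four residents. Which columns count as quasi-identifiers is the judgement call: the fingerprinting question in the paragraph is exactly the question of which outside data an attacker can join on.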
All data within the personal data database is by definition personal data. Other data may also fall under personal data, independent of where it is stored (Cloud, Gallery, …).
Relevant examples of personal data (this list is far from complete, nor will it ever be):
- Name, Address, Date of birth
- Names and numbers in contacts
- Photos on your device that the person took
- Photos on your device that another person took and shared with the person
- User settings of services, etc.
- Credit Card Number
- Current and past location
- Memberships / Registration with services, associations, …
Personal data can be categorized by different criteria:
- Severity of impact of breach of privacy
- Health data (specific laws apply)
- Content oriented (e.g. “Phonebook, Gallery, UI Settings,…”)
- Level of protection
- Certified/Signed Data (well, sometime in the future, but it would allow for interesting services)
We are starting our article of the month, February edition, with the definition of “Personal Data”. This is a very central concept for privact.
The idea is that everyone takes their time, reads through the current version of the article and raises questions, makes suggestions etc. in this thread. This also gives people who cannot make it to the monthly meetings the option to participate. The goal, though, is to agree on a better version of the respective article of the month in the next monthly meeting.
So, how do you like our current Definition of “Personal Data”? Something missing? Do you disagree or can help to sharpen thoughts?
One aspect I’d like to discuss is the storage of signed data provided by third parties.
Imagine that the country you live in provides you with a digital ID card that stores your date of birth, for example. This data could be used to verify your age. Any service you want to use would locally evaluate whether your age matches and simply return “OK” or “Not OK” to the service. Your actual date of birth / age is not revealed to the service provider, while at the same time a working age verification is possible.
Now, even though your date of birth is definitely your personal information, you are not allowed to change it (except to delete it, in which case the age verification will no longer work).
A more complex example would be a banking application that wants to assess your creditworthiness. To work reliably, it would need to be sure that your past financial transactions are complete and unchanged. Again, your financial transactions are your personal information. But if you delete or change any data related to your financial behavior, the banking application would not produce reliable results for the bank.
So again, relevant data to check your creditworthiness would have to be stored signed by its issuer (so you cannot change it). But in addition, if you delete any of this data (you can do that: it is your data!), the banking application needs to know that or banks will not adapt to our system. So, in consequence, you should not be able to delete the information that you have deleted information about your financial behavior. Although this information is - of course! - also your personal data.
Is this problematic in any way? How can we make sure this works?
Well, if you delete the data provided by your service provider, the service may no longer work. That’s ok, as it is the user’s decision. The service provider should include something in its terms and conditions stating that use of the service depends on the data being available.
Now for the more difficult case of third parties: if you delete every trace of a service, how would the third party know that the data is incomplete? It can’t. It would again have to be between the user and the third party to ensure that data is delivered completely. There may have to be some level of trust, or maybe some record keeping by others (e.g. Schufa knows which banks you are a customer of). Maybe that would be a workable solution.
I think we should start with signed data and let the services work out how they deal with missing data (incomplete data can be recognized, but completely removed data cannot).
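The age check described in the digital ID post above and the missing-data point in the last post, as one added example in Go (written for this page, not code from privact; the credential layout, the function names and the fixed-seed issuer key are assumptions for illustration, and the records are constructed): an issuer signs a date of birth and each transaction with Ed25519, the holder’s device evaluates the age predicate locally and hands the service only the boolean, an edited credential no longer verifies, and consecutive issuer-assigned sequence numbers let a consumer spot a record deleted from the middle of a log while a wiped log still looks complete.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Credential is one statement an issuer (ID authority, bank, ...) makes about a person.
type Credential struct {
	Kind  string // "dob" or "tx"
	Seq   int    // for "tx": issuer-assigned, consecutive per holder
	Value string // "1990-05-17" for dob, "-10.00 EUR" for tx
}

// Signed is what the holder stores: the canonical bytes plus the issuer's signature.
type Signed struct{ Payload, Sig []byte }

func Issue(priv ed25519.PrivateKey, c Credential) Signed {
	p, err := json.Marshal(c)
	must(err)
	return Signed{Payload: p, Sig: ed25519.Sign(priv, p)}
}

// Open verifies signature and credential type before any field is trusted.
func Open(pub ed25519.PublicKey, s Signed, kind string) (Credential, error) {
	if !ed25519.Verify(pub, s.Payload, s.Sig) {
		return Credential{}, fmt.Errorf("signature invalid: altered or not from this issuer")
	}
	var c Credential
	if err := json.Unmarshal(s.Payload, &c); err != nil || c.Kind != kind {
		return Credential{}, fmt.Errorf("not a usable %q credential: %v", kind, err)
	}
	return c, nil
}

// IsOfAge evaluates the age predicate on the holder's device; the service only
// ever receives the boolean, the date of birth never leaves the store.
func IsOfAge(pub ed25519.PublicKey, dob Signed, minYears int, now time.Time) (bool, error) {
	c, err := Open(pub, dob, "dob")
	if err != nil {
		return false, err
	}
	born, err := time.Parse("2006-01-02", c.Value)
	return err == nil && !born.AddDate(minYears, 0, 0).After(now), err // minYears-th birthday reached
}

// MissingSeqs verifies a transaction log and lists the sequence numbers absent
// between 1 and the highest one present: a record deleted from the middle shows
// up, a deleted tail or a wiped log does not (the store holds no total count).
func MissingSeqs(pub ed25519.PublicKey, txs []Signed) ([]int, error) {
	seen, top := map[int]bool{}, 0
	for _, s := range txs {
		c, err := Open(pub, s, "tx")
		if err != nil {
			return nil, err
		}
		seen[c.Seq] = true
		if c.Seq > top {
			top = c.Seq
		}
	}
	var missing []int
	for i := 1; i <= top; i++ {
		if !seen[i] {
			missing = append(missing, i)
		}
	}
	return missing, nil
}

// Scenario runs constructed records through the checks; the fixed-seed key is a
// stand-in for a real issuer and must never be used outside a demo.
func Scenario() (adult, tamperRejected bool, missingAfterDelete, missingAfterWipe []int) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	dob := Issue(priv, Credential{Kind: "dob", Value: "1990-05-17"})
	adult, err := IsOfAge(pub, dob, 18, time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC))
	must(err)
	_, err = Open(pub, Signed{Payload: bytes.Replace(dob.Payload, []byte("1990"), []byte("1980"), 1), Sig: dob.Sig}, "dob")
	tamperRejected = err != nil // holder edited the stored year; the issuer's signature no longer matches
	var log []Signed
	for i := 1; i <= 4; i++ {
		log = append(log, Issue(priv, Credential{Kind: "tx", Seq: i, Value: fmt.Sprintf("-%d.00 EUR", 10*i)}))
	}
	missingAfterDelete, err = MissingSeqs(pub, []Signed{log[0], log[1], log[3]}) // tx #3 removed
	must(err)
	missingAfterWipe, err = MissingSeqs(pub, nil) // everything removed
	must(err)
	return
}

func main() {
	fmt.Println(Scenario())
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}
```

Running Scenario reports the holder as of age, rejects the edited credential, lists sequence number 3 as missing after one deletion, and lists nothing for the wiped log: the consumer sees “complete” because the holder’s store carries no statement about how many records were ever issued. That is the gap the last post points at; closing it needs something held outside the holder’s store, such as the record keeping by others mentioned above.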