Some Issues of Differentiation of Personal and Non-Personal Data in the Law of the European Union

The paper is devoted to the problems of differentiation of the categories «personal data» and «nonpersonal data» in the law of the European Union in the context of information and communication technologies development. The definitions of these concepts, their relationship and interrelation in the context of the application of the concept of dichotomous separation of information in EU law are considered. The criteria for distinguishing between personal and non-personal data are analyzed, based on the essential characteristics and relevance of the information being processed, as well as on the characteristics of the data subject and the possibility of his identification. The place of pseudonymized and anonymized data in the classification of information is indicated. An algorithm used in the EU for determining the category of data is formulated, which has a relativistic nature and is based on the assessment of the risk of identifying an individual in combination with the concept of «reasonable probability». An approach to the legal regulation in the European Union of processing mixed data sets, which are often encountered in practice and include both personal and non-personal data, is considered.

1. De Hert P., Gutwirth S. Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalisation in Action. Reinventing Data Protection. — Springer, 2009. — 342 p.

2. European protection in good health? / Ed. by S. Gutwirth, R. Leenes, P. De Hert, Y. Poullet. — Springer, 2012. — 363 p.

3. Finck M., Pallas F. They who must not be identified — distinguishing personal from non-personal data under the GDPR // International Data Privacy Law. — Vol. 10. — Iss. 1. — 2020. — P. 1–47.

4. Graef I., Gellert R., Purtova N., Husovec M. Feedback to the Commission’s Proposal on a Framework for the Free Flow of Non-Personal Data. — Tilburg University. — 2018. — URL: https://ssrn.com/abstract=3106791 (data obrashcheniya: 15.10.2021). — P. 1–6.

5. Kaburaki Y. Legal Protection for Non-Personal Data in Japan Comparative Perspective with the EU and the U. S. // MIPLC Master Thesis Series, 2017. — 60 p.

6. Manon O. Identifiability and the Applicability of Data Protection to Big Data // International Data Privacy Law, 2016. — P. 1–25.

7. Ronald E. L. Do You Know Me? Decomposing Identifiability // TILT Law & Technology Working Paper Series. — 2008. — No 006/2008. — P. 1–23.

8. Supriyadi D. Personal and Non-Personal Data in the Context of Big Data // Tilburg Institute for Law, Technology and Society. — LLM Law and Technology. — 2016/2017. — 60 p.

9. Surblyte G. Data as a Digital Resource // Max Planck Institute for Innovation & Competition Research Paper. — 2016. — No 16-12. — P. 1–39.

10. Yu P. K. Fitting Machine-Generated Data into Trade Regulatory Holes // The Trade in Knowledge: Economic, Legal and Policy Aspects. — Cambridge University Press, 2020. — P. 2–16