Personal Data or Anonymous Data: where to draw the lines (and why)?
The concept of personal data is as complex as it is important. This article analyzes key legal issues surrounding the concept. It exposes the flaws of the «absolute vs relative» approaches regularly used by legal scholars to address the issue of identifiability and proposes a new test, duly taking into account the environment in which the data is processed. The article further analyzes the handling and transfer of pseudonymized data in light of the decisions of the Federal Tribunal and of cantonal courts, and the resulting obligations for both the data provider and data recipient.
Table of contents
- 1. Legal Framework
- 2. The Concept of «Personal Data»
- 3. The Concept of «Identifiability»
- 3.1. In General
- 3.2. Moving Away From The «Absolute Vs. Relative» Approaches of Identifiability
- 3.3. Assessing De-Identification and Re-Identification in the Data Environment
- 3.4. What Means Should Be Taken Into Consideration (component 1)?
- 3.5. Which Actors Should Be Taken Into Consideration (component 2)?
- 3.5.1. In General
- 3.5.2. The Logistep case
- 3.6. Interim Conclusion
- 3.7. Restating the Identifiability Test
- 4. Handling and Transferring Pseudonymized or Coded Data
- 4.1. Under the FADP
- 4.2. Under the revFADP
- 4.3. Interim Conclusion
- 5. Considerations under the GDPR
- 6. Considerations under the HRA
- 6.1. Concepts
- 6.2. Discussion
- 7. Conclusion
Loggen Sie sich bitte ein, um den ganzen Text zu lesen.
Es gibt noch keine Kommentare
Votre commentaire sur cet article
Les abonné-e-s à cette revue peuvent prendre part à la discussion. Veuillez vous connecter pour poster des commentaires.
Aucun commentaire