Bridging policy, regulation and practice? A techno-legal analysis of three types of data in the GDPR
Hu, Runshan, Stalla-Bourdillon, Sophie, Yang, Mu, Schiavo, Valeria and Sassone, Vladimiro (2017) Bridging policy, regulation and practice? A techno-legal analysis of three types of data in the GDPR. In: Data Protection and Privacy: The Age of Intelligent Machines. Computers, Privacy and Data Protection, 10 . Hart Publishing.
Preview |
PDF (Author Draft Manuscript)
19832 WANG_Bridging_Policy_Regulation_and_Practice_2017.pdf - Draft Version Download (827kB) | Preview |
Abstract
The paper aims to determine how the General Data Protection Regulation (GDPR) could be read in harmony with Article 29 Working Party’s Opinion on anonymisation techniques. To this end, based on an interdisciplinary methodology, a common terminology to capture the novel elements enshrined in the GDPR is built, and, a series of key concepts (i.e. sanitisation techniques, contextual controls, local linkability, global linkability, domain linkability) followed by a set of definitions for three types of data emerging from the GDPR are introduced.
Importantly, two initial assumptions are made:
1) the notion of identifiability (i.e. being identified or identifiable) is used consistently across the GDPR (e.g. Article 4 and Recital 26);
2) the Opinion on Anonymisation Techniques is still good guidance as regards the classification of re-identification risks and the description of sanitisation techniques.
It is suggested that even if these two premises seem to lead to an over-restrictive approach, this holds true as long as contextual controls are not combined with sanitisation techniques. Yet, contextual controls have been conceived as complementary to sanitisation techniques by the drafters of the GDPR. The paper concludes that the GDPR is compatible with a risk-based approach when contextual controls are combined with sanitisation techniques.
Item Type: | Conference Proceedings |
---|---|
Title of Proceedings: | Data Protection and Privacy: The Age of Intelligent Machines |
Uncontrolled Keywords: | personal data, anonymisation, pseudonymisation, GDPR, identified |
Subjects: | H Social Sciences > H Social Sciences (General) |
Faculty / School / Research Centre / Research Group: | Faculty of Business Faculty of Business > Department of Systems Management & Strategy Faculty of Business > Networks and Urban Systems Centre (NUSC) > Connected Cities Research Group Faculty of Business > Networks and Urban Systems Centre (NUSC) |
Related URLs: | |
Last Modified: | 30 Apr 2020 16:08 |
URI: | http://gala.gre.ac.uk/id/eprint/19832 |
Actions (login required)
View Item |
Downloads
Downloads per month over past year