Skip navigation

Bridging policy, regulation and practice? A techno-legal analysis of three types of data in the GDPR

Bridging policy, regulation and practice? A techno-legal analysis of three types of data in the GDPR

Hu, Runshan, Stalla-Bourdillon, Sophie, Yang, Mu, Schiavo, Valeria and Sassone, Vladimiro (2017) Bridging policy, regulation and practice? A techno-legal analysis of three types of data in the GDPR. In: Data Protection and Privacy: The Age of Intelligent Machines. Hart Publishing.

[img]
Preview
PDF (Author Draft Manuscript)
19832 WANG_Bridging_Policy_Regulation_and_Practice_2017.pdf - Draft Version

Download (827kB) | Preview

Abstract

The paper aims to determine how the General Data Protection Regulation (GDPR) could be read in harmony with Article 29 Working Party’s Opinion on anonymisation techniques. To this end, based on an interdisciplinary methodology, a common terminology to capture the novel elements enshrined in the GDPR is built, and, a series of key concepts (i.e. sanitisation techniques, contextual controls, local linkability, global linkability, domain linkability) followed by a set of definitions for three types of data emerging from the GDPR are introduced.

Importantly, two initial assumptions are made:

1) the notion of identifiability (i.e. being identified or identifiable) is used consistently across the GDPR (e.g. Article 4 and Recital 26);

2) the Opinion on Anonymisation Techniques is still good guidance as regards the classification of re-identification risks and the description of sanitisation techniques.

It is suggested that even if these two premises seem to lead to an over-restrictive approach, this holds true as long as contextual controls are not combined with sanitisation techniques. Yet, contextual controls have been conceived as complementary to sanitisation techniques by the drafters of the GDPR. The paper concludes that the GDPR is compatible with a risk-based approach when contextual controls are combined with sanitisation techniques.

Item Type: Conference Proceedings
Title of Proceedings: Data Protection and Privacy: The Age of Intelligent Machines
Uncontrolled Keywords: personal data, anonymisation, pseudonymisation, GDPR, identified
Faculty / Department / Research Group: Faculty of Business
Faculty of Business > Networks and Urban Systems Centre (NUSC) > Connected Cities Research Group
Faculty of Business > Department of Systems Management & Strategy
Last Modified: 18 May 2019 20:35
Selected for GREAT 2016: None
Selected for GREAT 2017: None
Selected for GREAT 2018: GREAT e
Selected for GREAT 2019: GREAT 3
URI: http://gala.gre.ac.uk/id/eprint/19832

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics