The notions of “personal data” in the EU and “personally identifiable information” (PII) in the U.S., which are the cornerstones of modern privacy regulations, do not carry exactly the same meaning. The first part of our discussion concentrates on these variations and the differences between the U.S. and the EU approaches to privacy.
Table B.1 in Appendix B shows various definitions of personal data and personally identifiable information. The sources of these definitions are mostly privacy laws and standardization documents. For example, the CNIL1 guidelines [32, 33] refer to the definitions of personal data from the EU Directive [47], the French Data Protection Act [50] and the ISO standard ISO/IEC 29100:2011 [72].
Considering the central role of the notion of personal data in the legal framework, the EU Directive [47] has introduced the following general definition:
“Personal data shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”
As a first comment, it may be noted that the EU Directive does not seem to make a difference between “data” and “information.” In fact, the two words are not always used with the same meaning in the literature2 but this distinction is not essential here and we will, as the EU Directive, use them interchangeably.
Конец ознакомительного фрагмента.
Текст предоставлен ООО «ЛитРес».
Прочитайте эту книгу целиком, купив полную легальную версию на ЛитРес.
Безопасно оплатить книгу можно банковской картой Visa, MasterCard, Maestro, со счета мобильного телефона, с платежного терминала, в салоне МТС или Связной, через PayPal, WebMoney, Яндекс.Деньги, QIWI Кошелек, бонусными картами или другим удобным Вам способом.
