Scoping Personal Data: Towards a Nuanced Interpretation of the Material Scope of EU Data Protecton Law
The concept of personal data – any information relating to an identified or identifiable natural person – is a cornerstone of the European data protecton framework since its very inception. The processing of personal data is a condito sine qua non for the applicability of EU data protecton law. Despite the crucial importance of the notion, the boundaries of the concept are often blurry. Ascertaining whether data is personal frequently depends on each individual processing’s concrete context and characteristics. As a result of the contextual and relative character of the notion of personal data, in cases dealing with indirect identifiability, much is left to the discretion of the interpreter.
European doctrine and jurisprudence favour an expansive interpretation of the notion of personal data. In particular, the identifiability threshold is seen as very low; at the same time, the ways in which the information can be said to be relating to a natural person are manifold. The combination between the low identifiability threshold, and of the wide range of ways to satisfy the requirement for a relational link between data and natural person, leads to an extremely wide material scope for EU data protecton legislation. Data protecton is thus becoming, it has been argued, ‘the law of everything’.
This paper responds to the growing concerns surrounding the perceived over-inclusiveness of the noton of personal data, suggesting a balanced approach to its interpretation. It starts by defining the concept of personal data in EU data protection, taking into account law, doctrine, and jurisprudence. It then delves into the two most crucial elements of the concept of personal data: identifiability, and the connection that must link information and natural person to make the data personal. The paper concludes by providing a balanced reading of the concept of personal data, pleading for a nuanced approach to its interpretation.