The EU GDPR is a brand-new set of rules that aims to strengthen protections for personal data and to ensure consistency of such protections across the EU. The regulation builds upon the EU’s existing 1995 Data Protection Directive, an important set of laws that predates ubiquitous smart phones and the rise of social media and other online services (search, email, etc.) that companies offer free-of-charge to users, but finance with data-driven targeted advertising. The EU regulation expands the directive’s privacy protections and introduces new safeguards in return to these technological developments.
In the digital age, everything a person does online generates or implicates dossier that can be highly affirm about their private life. The GDPR provides new ways people can protect their personal data, and by extension their privacy and other human rights. It gives everyone more control, and requires businesses, governments, and other organizations to confess more about their data practices, and regulates the way they collect, process, and abundance people’s data.
Persona data is defined generally under the GDPR to include “any advice relating to an identified or identifiable person.” Thus, even dossier that does not directly identify a named person, but could still help identify them, is still capped by the law. This definition encompasses online and device identifiers (like IP addresses, cookies, or device IDs), location data, user names, and pseudonymous data.