Document Actions

Citation and metadata

Back to the article.

Recommended citation

Gerald Spindler, Philipp Schmechel, Personal Data and Encryption in the European General Data Protection Regulation, 7 (2016) JIPITEC 163 para 1.

Download Citation

Endnote

%0 Journal Article
%T Personal Data and Encryption in the European General Data Protection Regulation
%A Spindler, Gerald
%A Schmechel, Philipp
%J JIPITEC
%D 2016
%V 7
%N 2
%@ 2190-3387
%F spindler2016
%X Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.
%L 340
%K Advocate General
%K Anonymisation
%K Data Protection
%K ECJ
%K Encryption
%K GDPR
%K Material Scope
%K Personal Data
%K Pseudonymisation
%K Secure Multiparty Computation
%U http://nbn-resolving.de/urn:nbn:de:0009-29-44408
%P 163-177
Download

Bibtex

@Article{spindler2016,
  author = 	"Spindler, Gerald
		and Schmechel, Philipp",
  title = 	"Personal Data and Encryption in the European General Data Protection Regulation",
  journal = 	"JIPITEC",
  year = 	"2016",
  volume = 	"7",
  number = 	"2",
  pages = 	"163--177",
  keywords = 	"Advocate General; Anonymisation; Data Protection; ECJ; Encryption; GDPR; Material Scope; Personal Data; Pseudonymisation; Secure Multiparty Computation",
  abstract = 	"Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation's relevant provisions regarding encryption -- such as those for anonymisation and pseudonymisation -- and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR's material scope.",
  issn = 	"2190-3387",
  url = 	"http://nbn-resolving.de/urn:nbn:de:0009-29-44408"
}
Download

RIS

TY  - JOUR
AU  - Spindler, Gerald
AU  - Schmechel, Philipp
PY  - 2016
DA  - 2016//
TI  - Personal Data and Encryption in the European General Data Protection Regulation
JO  - JIPITEC
SP  - 163
EP  - 177
VL  - 7
IS  - 2
KW  - Advocate General
KW  - Anonymisation
KW  - Data Protection
KW  - ECJ
KW  - Encryption
KW  - GDPR
KW  - Material Scope
KW  - Personal Data
KW  - Pseudonymisation
KW  - Secure Multiparty Computation
AB  - Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.
SN  - 2190-3387
UR  - http://nbn-resolving.de/urn:nbn:de:0009-29-44408
ID  - spindler2016
ER  -
Download

Wordbib

<?xml version="1.0" encoding="UTF-8"?>
<b:Sources SelectedStyle="" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography"  xmlns="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" >
<b:Source>
<b:Tag>spindler2016</b:Tag>
<b:SourceType>ArticleInAPeriodical</b:SourceType>
<b:Year>2016</b:Year>
<b:PeriodicalTitle>JIPITEC</b:PeriodicalTitle>
<b:Volume>7</b:Volume>
<b:Issue>2</b:Issue>
<b:Url>http://nbn-resolving.de/urn:nbn:de:0009-29-44408</b:Url>
<b:Pages>163-177</b:Pages>
<b:Author>
<b:Author><b:NameList>
<b:Person><b:Last>Spindler</b:Last><b:First>Gerald</b:First></b:Person>
<b:Person><b:Last>Schmechel</b:Last><b:First>Philipp</b:First></b:Person>
</b:NameList></b:Author>
</b:Author>
<b:Title>Personal Data and Encryption in the European General Data Protection Regulation</b:Title>
<b:Comments>Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.</b:Comments>
</b:Source>
</b:Sources>
Download

ISI

PT Journal
AU Spindler, G
   Schmechel, P
TI Personal Data and Encryption in the European General Data Protection Regulation
SO JIPITEC
PY 2016
BP 163
EP 177
VL 7
IS 2
DE Advocate General; Anonymisation; Data Protection; ECJ; Encryption; GDPR; Material Scope; Personal Data; Pseudonymisation; Secure Multiparty Computation
AB Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.
ER
Download

Mods

<mods>
  <titleInfo>
    <title>Personal Data and Encryption in the European General Data Protection Regulation</title>
  </titleInfo>
  <name type="personal">
    <namePart type="family">Spindler</namePart>
    <namePart type="given">Gerald</namePart>
  </name>
  <name type="personal">
    <namePart type="family">Schmechel</namePart>
    <namePart type="given">Philipp</namePart>
  </name>
  <abstract>Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.</abstract>
  <subject>
    <topic>Advocate General</topic>
    <topic>Anonymisation</topic>
    <topic>Data Protection</topic>
    <topic>ECJ</topic>
    <topic>Encryption</topic>
    <topic>GDPR</topic>
    <topic>Material Scope</topic>
    <topic>Personal Data</topic>
    <topic>Pseudonymisation</topic>
    <topic>Secure Multiparty Computation</topic>
  </subject>
  <classification authority="ddc">340</classification>
  <relatedItem type="host">
    <genre authority="marcgt">periodical</genre>
    <genre>academic journal</genre>
    <titleInfo>
      <title>JIPITEC</title>
    </titleInfo>
    <part>
      <detail type="volume">
        <number>7</number>
      </detail>
      <detail type="issue">
        <number>2</number>
      </detail>
      <date>2016</date>
      <extent unit="page">
        <start>163</start>
        <end>177</end>
      </extent>
    </part>
  </relatedItem>
  <identifier type="issn">2190-3387</identifier>
  <identifier type="urn">urn:nbn:de:0009-29-44408</identifier>
  <identifier type="uri">http://nbn-resolving.de/urn:nbn:de:0009-29-44408</identifier>
  <identifier type="citekey">spindler2016</identifier>
</mods>
Download

Full Metadata

Bibliographic Citation 7 (2016) 2
Title

Personal Data and Encryption in the European General Data Protection Regulation (eng)
Author Gerald Spindler, Philipp Schmechel
Language eng
Abstract Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.
Subject Advocate General, Anonymisation, Data Protection, ECJ, Encryption, GDPR, Material Scope, Personal Data, Pseudonymisation, Secure Multiparty Computation
DDC 340
Rights DPPL
URN: urn:nbn:de:0009-29-44408
JIPITEC – Journal of Intellectual Property, Information Technology and E-Commerce Law
Article search
Extended article search
Newsletter
Subscribe to our newsletter
Follow Us
twitter
 
Navigation