Citation and metadata
Recommended citation
Gerald Spindler, Philipp Schmechel, Personal Data and Encryption in the European General Data Protection Regulation, 7 (2016) JIPITEC 163 para 1.
Download Citation
Endnote
%0 Journal Article %T Personal Data and Encryption in the European General Data Protection Regulation %A Spindler, Gerald %A Schmechel, Philipp %J JIPITEC %D 2016 %V 7 %N 2 %@ 2190-3387 %F spindler2016 %X Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope. %L 340 %K Advocate General %K Anonymisation %K Data Protection %K ECJ %K Encryption %K GDPR %K Material Scope %K Personal Data %K Pseudonymisation %K Secure Multiparty Computation %U http://nbn-resolving.de/urn:nbn:de:0009-29-44408 %P 163-177Download
Bibtex
@Article{spindler2016, author = "Spindler, Gerald and Schmechel, Philipp", title = "Personal Data and Encryption in the European General Data Protection Regulation", journal = "JIPITEC", year = "2016", volume = "7", number = "2", pages = "163--177", keywords = "Advocate General; Anonymisation; Data Protection; ECJ; Encryption; GDPR; Material Scope; Personal Data; Pseudonymisation; Secure Multiparty Computation", abstract = "Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation's relevant provisions regarding encryption -- such as those for anonymisation and pseudonymisation -- and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR's material scope.", issn = "2190-3387", url = "http://nbn-resolving.de/urn:nbn:de:0009-29-44408" }Download
RIS
TY - JOUR AU - Spindler, Gerald AU - Schmechel, Philipp PY - 2016 DA - 2016// TI - Personal Data and Encryption in the European General Data Protection Regulation JO - JIPITEC SP - 163 EP - 177 VL - 7 IS - 2 KW - Advocate General KW - Anonymisation KW - Data Protection KW - ECJ KW - Encryption KW - GDPR KW - Material Scope KW - Personal Data KW - Pseudonymisation KW - Secure Multiparty Computation AB - Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope. SN - 2190-3387 UR - http://nbn-resolving.de/urn:nbn:de:0009-29-44408 ID - spindler2016 ER -Download
Wordbib
<?xml version="1.0" encoding="UTF-8"?> <b:Sources SelectedStyle="" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" > <b:Source> <b:Tag>spindler2016</b:Tag> <b:SourceType>ArticleInAPeriodical</b:SourceType> <b:Year>2016</b:Year> <b:PeriodicalTitle>JIPITEC</b:PeriodicalTitle> <b:Volume>7</b:Volume> <b:Issue>2</b:Issue> <b:Url>http://nbn-resolving.de/urn:nbn:de:0009-29-44408</b:Url> <b:Pages>163-177</b:Pages> <b:Author> <b:Author><b:NameList> <b:Person><b:Last>Spindler</b:Last><b:First>Gerald</b:First></b:Person> <b:Person><b:Last>Schmechel</b:Last><b:First>Philipp</b:First></b:Person> </b:NameList></b:Author> </b:Author> <b:Title>Personal Data and Encryption in the European General Data Protection Regulation</b:Title> <b:Comments>Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.</b:Comments> </b:Source> </b:Sources>Download
ISI
PT Journal AU Spindler, G Schmechel, P TI Personal Data and Encryption in the European General Data Protection Regulation SO JIPITEC PY 2016 BP 163 EP 177 VL 7 IS 2 DE Advocate General; Anonymisation; Data Protection; ECJ; Encryption; GDPR; Material Scope; Personal Data; Pseudonymisation; Secure Multiparty Computation AB Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope. ERDownload
Mods
<mods> <titleInfo> <title>Personal Data and Encryption in the European General Data Protection Regulation</title> </titleInfo> <name type="personal"> <namePart type="family">Spindler</namePart> <namePart type="given">Gerald</namePart> </name> <name type="personal"> <namePart type="family">Schmechel</namePart> <namePart type="given">Philipp</namePart> </name> <abstract>Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.</abstract> <subject> <topic>Advocate General</topic> <topic>Anonymisation</topic> <topic>Data Protection</topic> <topic>ECJ</topic> <topic>Encryption</topic> <topic>GDPR</topic> <topic>Material Scope</topic> <topic>Personal Data</topic> <topic>Pseudonymisation</topic> <topic>Secure Multiparty Computation</topic> </subject> <classification authority="ddc">340</classification> <relatedItem type="host"> <genre authority="marcgt">periodical</genre> <genre>academic journal</genre> <titleInfo> <title>JIPITEC</title> </titleInfo> <part> <detail type="volume"> <number>7</number> </detail> <detail type="issue"> <number>2</number> </detail> <date>2016</date> <extent unit="page"> <start>163</start> <end>177</end> </extent> </part> </relatedItem> <identifier type="issn">2190-3387</identifier> <identifier type="urn">urn:nbn:de:0009-29-44408</identifier> <identifier type="uri">http://nbn-resolving.de/urn:nbn:de:0009-29-44408</identifier> <identifier type="citekey">spindler2016</identifier> </mods>Download
Full Metadata
Bibliographic Citation | 7 (2016) 2 |
---|---|
Title |
Personal Data and Encryption in the European General Data Protection Regulation (eng) |
Author | Gerald Spindler, Philipp Schmechel |
Language | eng |
Abstract | Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope. |
Subject | Advocate General, Anonymisation, Data Protection, ECJ, Encryption, GDPR, Material Scope, Personal Data, Pseudonymisation, Secure Multiparty Computation |
DDC | 340 |
Rights | DPPL |
URN: | urn:nbn:de:0009-29-44408 |