Identification in EU Data Protection Law

27 Pages Posted: 15 Jan 2021 Last revised: 19 Jan 2021

See all articles by David Erdos

David Erdos

University of Cambridge - Faculty of Law; Trinity Hall

Date Written: January 6, 2021

Abstract

Although the new EU data protection framework includes new pan-European limits based on notions of non-identification, these provisions cannot be construed in a sweeping or linear fashion. Non-identified data can only include information which is not being used to target a specific individual on- or offline and which does not readily and manifestly enable such pinpointing. Although GDPR controllers cannot generally be obliged to render such data identified, they must stand ready to do so to facilitate reactive subject rights. However, they have no design obligation to ensure this is easy. Identifying or authenticating whether a particular individual is a specific data subject and considering whether other data subjects are also linked to the information are separately regulated. With the exception of the GDPR rights to data portability and a copy of personal data, the latter is in principle left to national derogation. Regarding the former, both the GDPR and LED allow controllers to require further information where reasonably required to identify a claimant of reactive rights. However, controllers retain a fundamental duty to organise their processing to secure data obligations and rights. Controllers can generally only resist reactive rights claims where they can positively demonstrate that the request is manifestly excessive.

Keywords: AdTech, authentication, data protection by design, GDPR, identifiers, identification, Law Enforcement Directive, pseudonymization, rectification, right to object, right to erasure, scientific research, subject access, surveillance capitalism, profiling

Suggested Citation

Erdos, David, Identification in EU Data Protection Law (January 6, 2021). University of Cambridge Faculty of Law Research Paper No. 4/2021, Available at SSRN: https://ssrn.com/abstract=3761068 or http://dx.doi.org/10.2139/ssrn.3761068

David Erdos (Contact Author)

University of Cambridge - Faculty of Law ( email )

10 West Road
Cambridge, CB3 9DZ
United Kingdom

HOME PAGE: http://www.law.cam.ac.uk/people/academic/d-o-erdos/5972

Trinity Hall ( email )

University of Cambridge
Trinity Lane
Cambridge, CB2 1TJ
United Kingdom

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
287
Abstract Views
1,031
rank
124,232
PlumX Metrics