Main Categories | Law | Critique of Data Protection

C.03 All or Nothing

 

The GDPR follows an "all or nothing" approach:

 

►  If there is personal data, all rules of data protection law apply.

 

►  If there is no personal, there is no regulation.

 

This approach is undifferentiated. The different protection needs of individuals are hardly taken into account due to the focus on "the data". The subdivision into personal data, data of a child (Art. 8 GDPR) and special categories of data (Art. 9 GDPR) only measures the different need for protection in a very lumbering way. Examples:

 

On the hand: Short-sightedness is sensitive health data under Art. 9 GDPR. Purpose and context of data use do not play a role for this qualification as sensitive data, although it makes a huge difference if you do not get a job as a pilot because of your short-sightedness or if get ads by an optician because of your short-sightedness.

 

On the other hand: Credit card data is not qualitfied as sensitive data under Art. 9 GDPR.

 

By extending the concept of personal reference (e.g. to IP addresses), the characteristic "personal reference" loses its power of attribution on the one hand, since there is almost no longer any non-personal data. On the other hand, certain uses relevant to fundamental rights are not covered if anonymous data are used to enable the re-identification of data subjects or to discriminate against certain groups of persons.

Authors
Winfried Veil
Related Tiles (0)
Social Media
Last update: 2021-06-05 12:03:03
By: Winfried Veil
Created at: 2021-06-05 12:02:19