Drücke „Enter”, um zum Inhalt zu springen.
Hinweis zu diesem Datenschutz-Blog:
Anscheinend verwenden Sie einen Werbeblocker wie uBlock Origin oder Ghostery, oder einen Browser, der bestimmte Dienste blockiert.
Leider wird dadurch auch der Dienst von VG Wort blockiert. Online-Autoren haben einen gesetzlichen Anspruch auf eine Vergütung, wenn ihre Beiträge oft genug aufgerufen wurden. Um dies zu messen, muss vom Autor ein Dienst der VG Wort eingebunden werden. Ohne diesen Dienst geht der gesetzliche Anspruch für den Autor verloren.

Ich wäre Ihnen sehr verbunden, wenn Sie sich bei der VG Wort darüber beschweren, dass deren Dienst anscheinend so ausgeprägt ist, dass er von manchen als blockierungswürdig eingestuft wird. Dies führt ggf. dazu, dass ich Beiträge kostenpflichtig gestalten muss.

Durch Klick auf folgenden Button wird eine Mailvorlage geladen, die Sie inhaltlich gerne anpassen und an die VG Wort abschicken können.

Nachricht an VG WortMailtext anzeigen

Betreff: Datenschutzprobleme mit dem VG Wort Dienst(METIS)
Guten Tag,

als Besucher des Datenschutz-Blogs Dr. DSGVO ist mir aufgefallen, dass der VG Wort Dienst durch datenschutzfreundliche Browser (Brave, Mullvad...) sowie Werbeblocker (uBlock, Ghostery...) blockiert wird.
Damit gehen dem Autor der Online-Texte Einnahmen verloren, die ihm aber gesetzlich zustehen.

Bitte beheben Sie dieses Problem!

Diese Nachricht wurde von mir persönlich abgeschickt und lediglich aus einer Vorlage generiert.
Wenn der Klick auf den Button keine Mail öffnet, schreiben Sie bitte eine Mail an info@vgwort.de und weisen darauf hin, dass der VG Wort Dienst von datenschutzfreundlichen Browser blockiert wird und dass Online Autoren daher die gesetzlich garantierten Einnahmen verloren gehen.
Vielen Dank,

Ihr Klaus Meffert - Dr. DSGVO Datenschutz-Blog.

PS: Wenn Sie meine Beiträge oder meinen Online Website-Check gut finden, freue ich mich auch über Ihre Spende.
Ausprobieren Online Webseiten-Check sofort das Ergebnis sehen

Data Protection: What is personal data?

0
Was sind personenbezogene Daten?
Dr. DSGVO Newsletter detected: Extended functionality available
More articles · Website-Checks · Live Offline-AI
📄 PDF for this post
📄 Article as PDF (only for newsletter subscribers)
🔒 Premium-Funktion
Der aktuelle Beitrag kann in PDF-Form angesehen und heruntergeladen werden

📊 Download freischalten
Der Download ist nur für Abonnenten des Dr. DSGVO-Newsletters möglich

Which data is person-related and why cookies are always person-related, regardless of cookie values, is the subject of this contribution. A personal reference exists more often than many think. Personal data so to speak colors other data and makes them into data with a personal reference.

Introduction

Personal data are those that suggest a person. So, for example, a person's name together with their address (street, house number, zip code, city, country, planet, galaxy designation) is a personal data value. By the way, often instead of data value date is spoken. Date is the singular form of data.

The name of a person along with their address establishes a direct personal reference. But also data that indirectly suggests a person are personally related. This is clearly evident from Art. 4 No. 1 GDPR. The GDPR does not speak of direct or indirect personal reference, but of identified or identifiable persons.

A person is identifiable as soon as it is objectively possible for oneself or with the help of third parties to establish a personal link. Third parties can, for example, be telecommunications service providers, intelligence agencies or authorities. It does not matter whether these third parties are currently being asked by you for personal data. The objective possibility suffices. For example, such a possibility can be opened up through law enforcement. This had been established by the ECJ in its judgment of 19 October 2016 – C-582/14("Breyer", IP addresses are personal data).

In addition, the EU Article 29 Group has determined that a person is also considered identifiable if they can be distinguished from other persons in a group of people. This was articulated in the so-called Opinion 4/2007. The Article 29 Data Protection Group is the predecessor to the European Data Protection Board (EDPB) and is even mentioned in Article 94 GDPR. It therefore has significant relevance.

When is a person directly identifiable?

Above I have already given an example with a person's name along with their address. This data set allows for a complete, direct identification of a person. All data that directly points to a person makes this person directly identifiable.

If in an AA self-help group one person has grey hair and the others have no grey hair, then that one person would be distinguishable from the others by the following data value: "The person in question is in this group and has grey hair".

But that person would still not be directly identified with it. Because when I see someone in front of me, I usually don't know who this person is, what their name is, and where they reside.

However, it could be that a person suffers damage because someone mishandles their data without knowing where the person lives. Here the question arises whether it is then sufficient to have the person in front of you personally to have a direct personal reference. I will not go into this question any further here. This would be an investigation worth its own, which perhaps could only be written by a lawyer.

What is an indirect personal reference?

If therefore a direct personal reference is denied, there often is an indirect personal reference. This is always to be affirmed when there is an objective possibility of identifying the person completely.

The example of the grey-haired person in the group of anonymous alcoholics shows that there is at least an indirect personal reference. Because if the grey-haired one commits a crime within the group, it can be determined during the investigation who exactly the grey-haired one is. So the date "person in the group is grey-haired" is a personal data (of course in the mentioned context). Because objectively there is the possibility that

  1. The grey-haired person will commit a crime
  2. The investigative possibilities in Germany allow for the person to be fully identified on suspicion of committing a crime.

One could identify the grey-haired person without a crime, for example, when the person drives a car that is registered in their name and has driven it to the meeting of the self-help group. On a vehicle, according to road traffic regulations, a vehicle registration mark must be affixed (possibly there are vehicles on which this does not apply, but that's not what we're talking about here). The license plate is again assigned to the person, namely their name and address, in a unique way. The traffic authority knows this assignment. If the vehicle is now involved in an accident, the owner can be identified. An accident is usually no crime. It could even be that the grey-haired driver of the self-help group was not guilty of the accident at all. The person responsible for the accident must have the address data of the grey-haired woman anyway to ensure a proper accident handling. Even something like flight from the driver wants the person responsible for the accident to avoid and writes down the license plate number of the damaged vehicle in case they are not found at their car.

If someone can theoretically get involved in an accident, then every person you encounter is ultimately identifiable. Thus, each data value would be a personal data point for a person who is physically near you. This applies at least to people surfing the internet. See below under "Cookies". If you call someone and this person speaks with you from their private connection or own smartphone, all data about your conversation partner are also personal data. The GDPR only applies if data are stored or processed automatically (see Art. 2 Sec. 1 GDPR). As far as I know, the signal transmission on phones is automated.

In addition, it is probably possible to track a person within the law to find out where they went. Maybe even to their home address. That's just for inspiration.

Even a person's location can make them identifiable. One only has to think of the GPS signal from their smartphone. I once read somewhere that a female offender was caught because her Google account was evaluated. In my smartphone the GPS signal is almost always switched off (but not, because I would intend to commit a crime, but because it displeases me if someone knows where I am or have been on the basis of electronic signals).

Cookies

Read full article now via free Dr. GDPR newsletter.
More extras for subscribers:
Offline-AI · Free contingent+ for Website-Checks
Already a subscriber? Click on the link in the newsletter & refresh this page.
Subscribe to Newsletter
About the author on dr-dsgvo.de
My name is Klaus Meffert. I have a doctorate in computer science and have been working professionally and practically with information technology for over 30 years. I also work as an expert in IT & data protection. I achieve my results by looking at technology and law. This seems absolutely essential to me when it comes to digital data protection. My company, IT Logic GmbH, also offers consulting and development of optimized and secure AI solutions.

YouTube Plugin: Even with nocookie add-on, cookies are set, consent always necessary