In the Defence of Absolute Understanding of Personal Data Definition
| Název česky | Obrana objektivního chápání pojmu osobní údaj |
|---|---|
| Autoři | |
| Rok publikování | 2026 |
| Druh | Další prezentace na konferencích |
| Fakulta / Pracoviště MU | |
| Citace | |
| Přiložené soubory | |
| Popis | The concept of personal data has long been understood in absolute terms, as articulated by the Court of Justice of the European Union (CJEU) since Breyer (C-582/14) and subsequent judgments (C-479/22 P, C-604/22). Under this approach, data capable of leading to the identification of an individual—even indirectly or by someone else—was treated as personal data, reflecting the preventive teleology of GDPR. However, the recent CJEU judgment in EDPS v SRB (C-413/23?P), further supported by the recent Digital Omnibus Regulation Proposal, signals a possible shift toward a relative understanding, where the qualification of data as personal depends on the specific actor’s ability to identify the data subject. The paper examines the consequences of this shift from an absolute to a relative interpretation of personal data. It asks: What are the implications of adopting a relative concept of personal data within the EU data protection framework? The analysis proceeds in several stages: it first situates the concept of personal data within its teleological and normative context, then contrasts the established absolute approach with the emerging relative interpretation. The paper thereafter evaluates the potential consequences of this transition on two levels—systemic and practical. Systemically, the relative concept may blur the regulatory distinction between personal and non-personal data regimes, challenging legal certainty across data governance frameworks. In practice, it raises complex compliance questions, such as how a controller should assess their responsibilities when transferring pseudonymised data. The paper argues that a relative approach risks undermining the coherence of EU data protection law and weakening safeguards against indirect harms resulting from data misuse. Maintaining an absolute understanding is essential to uphold the preventive aims of GDPR, with a necessary condition that GDPR is interpreted thoroughly as a risk-based regulation with a strong emphasis on the principle of accountability of the data controller. |
| Související projekty: |