From knowing by name to personalisation: Meaning of identification under the GDPR

Research output: Contribution to journalArticleScientificpeer-review

Abstract

Despite its core role in the EU system of data protection, the notion of identification has been a neglected subject in the data protection law and scholarship. With a spotlight focused on the meaning of identifiability as a legally relevant possibility of identification, it remained unclear the possibility of what exactly is at issue. While Article 29 Working Party interpreted identification broadly, as distinguishing one in a group, this interpretation has been questioned in light of the EUCJ decision in Breyer, and the uncertainty remained. The issue tackled in this paper is the meaning of identification under the GDPR.
The contribution of the paper is three-fold. First, it offers an integrated typology of identification outside of the legal context. The typology builds on three socio-technical accounts of identification: four identifiability types by Leenes, seven types of identity knowledge by Marx, and anonymity as unreachability by Nissenbaum. Second, it identifies personalisation as a new identification type, i.e. a relatively unique characterization, where one is individualized by being mapped in relation to multiple dimensions within a multidimensional space. The argument builds on the literatures on calculated publics, profiling in recommender systems, agile methods of software development, price and content personalization. Third, it clarifies the meaning of identification under the GDPR. I propose a contextual interpretation of Breyer, which negates Breyer’s restrictive potential and brings all identification types within the GDPR. The paper discusses implications of this reading of identification for data protection law and research.
Original languageEnglish
JournalInternational Data Privacy Law
Publication statusSubmitted - 17 Feb 2021

Fingerprint

Dive into the research topics of 'From knowing by name to personalisation: Meaning of identification under the GDPR'. Together they form a unique fingerprint.

Cite this