Identifying Personal Data Using Relational Database Design Principles

International Journal of Law and Information Technology, Vol. 17, No. 3, Autumn 2009

Posted: 3 Nov 2008 Last revised: 30 Nov 2009

See all articles by Bostjan Bercic

Bostjan Bercic

Institute for Economics, Law and Informatics

Carlisle E. George

Middlesex University

Abstract

The European Union (EU) directive on personal data and resulting data protection legislation of EU member states, require from data controllers, a notification of their activities to the appropriate supervisory authority. Included in this notification is also a description of the data or categories of data which are processed. Legislation in some EU member states (e.g. Slovenia) require that not only a description but also a concrete list of personal data attributes need to be included in this notification. In such cases, it is sometimes difficult to ascertain in concreto whether some collected attribute represents personal data (and should therefore be included in the list of attributes) or whether it is a non-personal attribute. Similarly, under the EU directive data, subjects have various rights, including the right to access their data, and data controllers are sometimes faced with the problem of determining whether various data items constitute personal data. Further, the impending case in the European Court of Human Rights, arising out of the decision of the UK case of Durant v Financial Services Authority (which narrowed the scope of personal data) has added some uncertainty as to the interpretation of the EU directive. In view of the legal uncertainty regarding what constitutes personal data, this paper examines whether relational database design principles can be applied to identifying personal data. Using this novel approach, the paper explores various parallels between personal data identification and principles of relational database design. The paper thus makes a novel contribution to the ongoing uncertainty in data protection law. The paper also discusses the wider issue of applying computing/scientific principles to interpreting the law, and comments on the success of the approach taken.

Keywords: Data protection, database design principles

Suggested Citation

Bercic, Bostjan and George, Carlisle E., Identifying Personal Data Using Relational Database Design Principles. International Journal of Law and Information Technology, Vol. 17, No. 3, Autumn 2009, Available at SSRN: https://ssrn.com/abstract=1294663

Bostjan Bercic

Institute for Economics, Law and Informatics ( email )

Celovaka 136,
SI-1000
Ljubljana
Slovenia

HOME PAGE: http://www.ipri-zavod.si/news.php

Carlisle E. George (Contact Author)

Middlesex University ( email )

The Burroughs
London, NW4 4BT
United Kingdom

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
574
PlumX Metrics