Do They Know Me? Deconstructing Identifiability

27 Pages Posted: 2 May 2011

See all articles by Ronald E. Leenes

Ronald E. Leenes

Tilburg Law School; Tilburg Institute for Law, Technology, and Society; Tilburg University

Multiple version iconThere are 2 versions of this paper

Date Written: 2007

Abstract

Data protection regulation aims to protect individuals against misuse and abuse of their personal data, while at the same time allowing businesses and governments to use personal data for legitimate purposes. Collisions between these aims are prevalent in practices such as profiling and behavioral targeting. Many online service providers claim not to collect personal data. Data protection authorities and privacy scholars contest this claim or raise serious concerns. This paper argues that part of the disagreement in the debate stems from a conflation of distinct notions of identifiability in current definitions and legal provisions regarding personal data. As a result, the regulation is over- and under-inclusive, addresses the wrong issues, and leads to opposition by the industry. In this paper I deconstruct identifiability into four subcategories: L-, R-, C- and S-identifiability. L-identifiability (look-up identifiability) allows individuals to be targeted in the real world on the basis of the identifier, whereas this is not the case in the other three. R-identifiability (recognition) can be further decomposed into C-type (classification) identifiability, which relates to the classification of individuals as being members of some set, and S-type (session) identifiability, which is a technical device. Distinguishing these types helps in unraveling the complexities of the issues involved in profiling, dataveillance, and other contexts. L-, R-, and C-type identification occur in different domains, and their goals, relations, issues, and effects differ. This paper argues that the different types of identifiability should be treated differently and that the regulatory framework should reflect this.

Keywords: identification, identifiability, privacy, data protection, profiling

JEL Classification: K00, K39

Suggested Citation

Leenes, Ronald E. and Leenes, Ronald E., Do They Know Me? Deconstructing Identifiability (2007). University of Ottawa Law & Technology Journal, Vol. 4, Nos. 1-2, p. 135, 2007, Available at SSRN: https://ssrn.com/abstract=1825317

Ronald E. Leenes (Contact Author)

Tilburg Law School ( email )

Tilburg, 5000 LE
Netherlands

Tilburg Institute for Law, Technology, and Society

NL-5000 LE Tilburg
Netherlands

Tilburg University ( email )

P.O. Box 90153
Tilburg, DC Noord-Brabant 5000 LE
Netherlands

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
252
Abstract Views
1,471
Rank
220,759
PlumX Metrics