Personal Data Explained as Defined By the GDPR and the CCPA
Personal information serves as the foundation for the definitions and policies of European data privacy regulations. In Article 4, the General Data Protection Regulation (GDPR) provides guidelines for defining personal information but does not provide a definitive list. As defined by the GDPR, personal information is data that identifies a natural person. The data can be related to identity, health, or financial information. Generally, personal data is any information that can be used to identify a specific person.
Requirements for the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. Like GDPR, the CCPA is broad in its definition of “personal information.” It defines the term as information that “could reasonably be linked, directly or indirectly, with a particular consumer or household.”
You won’t find the word “household” in GDPR. Its use in the CCPA implies that personal information doesn’t have to be tied to a specific name or individual (think home address, home devices, geolocation data, home network IP addresses, and the like).
A related but slightly different term is PII (Personal Identifying Information). PII relates to data that by itself could lead to the identity of an individual. Examples would be a unique national identifier, passport, or driver’s license number.
What are some examples of personal information?
- First and last name
- Home address
- Email address that contains a first and last name (for example, email@example.com)
- Identification cards
- Location data (for example the location data function on a mobile phone)
- Internet Protocol (IP) address
- A cookie ID
- The advertising identifier of your phone
- Data held by a hospital or doctor, which could be a symbol that uniquely identifies a person