When is personal data “about” or “relating to” an individual? A comparison of Australian, Canadian, and EU data protection and privacy laws

Normann Witzleb, Julian Wagner

Research output: Contribution to journalArticleResearchpeer-review

Abstract

The definition of “personal information” or “personal data” is foundational to the
application of data protection laws. One aspect of these definitions is that the information must be linked to an identifiable individual, which is incorporated in the requirement that the information must be “about” or “relating to” an individual. This article examines this requirement in light of recent judicial and legislative developments in Australia, Canada and the European Union. In particular, it contrasts the decisions rendered by the Federal Court of Australia in Privacy Commissioner v Telstra Corporation Ltd and by the European Court of Justice decisions in Scarlet Extended and Patrick Breyer v Bundesrepublik Deutschland as well as the new General Data Protection Regulation with Canadian law. This article also compares how the three jurisdictions deal with the vexed issue of IP addresses as personal information where the connection between the IP address and a particular individual often raises particular problems.
Original languageEnglish
Pages (from-to)293-329
Number of pages37
JournalCanadian Journal of Comparative and Contemporary Law
Volume4
Issue number1
Publication statusPublished - 2018

Keywords

  • data protection
  • privacy
  • personal information
  • Australian law
  • EU law
  • Canadian law

Cite this

@article{d166eece2d614a1889658763c059afaf,
title = "When is personal data “about” or “relating to” an individual? A comparison of Australian, Canadian, and EU data protection and privacy laws",
abstract = "The definition of “personal information” or “personal data” is foundational to theapplication of data protection laws. One aspect of these definitions is that the information must be linked to an identifiable individual, which is incorporated in the requirement that the information must be “about” or “relating to” an individual. This article examines this requirement in light of recent judicial and legislative developments in Australia, Canada and the European Union. In particular, it contrasts the decisions rendered by the Federal Court of Australia in Privacy Commissioner v Telstra Corporation Ltd and by the European Court of Justice decisions in Scarlet Extended and Patrick Breyer v Bundesrepublik Deutschland as well as the new General Data Protection Regulation with Canadian law. This article also compares how the three jurisdictions deal with the vexed issue of IP addresses as personal information where the connection between the IP address and a particular individual often raises particular problems.",
keywords = "data protection, privacy, personal information, Australian law, EU law, Canadian law",
author = "Normann Witzleb and Julian Wagner",
year = "2018",
language = "English",
volume = "4",
pages = "293--329",
journal = "Canadian Journal of Comparative and Contemporary Law",
issn = "2368-4046",
number = "1",

}

TY - JOUR

T1 - When is personal data “about” or “relating to” an individual? A comparison of Australian, Canadian, and EU data protection and privacy laws

AU - Witzleb, Normann

AU - Wagner, Julian

PY - 2018

Y1 - 2018

N2 - The definition of “personal information” or “personal data” is foundational to theapplication of data protection laws. One aspect of these definitions is that the information must be linked to an identifiable individual, which is incorporated in the requirement that the information must be “about” or “relating to” an individual. This article examines this requirement in light of recent judicial and legislative developments in Australia, Canada and the European Union. In particular, it contrasts the decisions rendered by the Federal Court of Australia in Privacy Commissioner v Telstra Corporation Ltd and by the European Court of Justice decisions in Scarlet Extended and Patrick Breyer v Bundesrepublik Deutschland as well as the new General Data Protection Regulation with Canadian law. This article also compares how the three jurisdictions deal with the vexed issue of IP addresses as personal information where the connection between the IP address and a particular individual often raises particular problems.

AB - The definition of “personal information” or “personal data” is foundational to theapplication of data protection laws. One aspect of these definitions is that the information must be linked to an identifiable individual, which is incorporated in the requirement that the information must be “about” or “relating to” an individual. This article examines this requirement in light of recent judicial and legislative developments in Australia, Canada and the European Union. In particular, it contrasts the decisions rendered by the Federal Court of Australia in Privacy Commissioner v Telstra Corporation Ltd and by the European Court of Justice decisions in Scarlet Extended and Patrick Breyer v Bundesrepublik Deutschland as well as the new General Data Protection Regulation with Canadian law. This article also compares how the three jurisdictions deal with the vexed issue of IP addresses as personal information where the connection between the IP address and a particular individual often raises particular problems.

KW - data protection

KW - privacy

KW - personal information

KW - Australian law

KW - EU law

KW - Canadian law

M3 - Article

VL - 4

SP - 293

EP - 329

JO - Canadian Journal of Comparative and Contemporary Law

JF - Canadian Journal of Comparative and Contemporary Law

SN - 2368-4046

IS - 1

ER -