When is personal data “about” or “relating to” an individual? A comparison of Australian, Canadian, and EU data protection and privacy laws

Normann Witzleb, Julian Wagner

Research output: Contribution to journalArticleResearchpeer-review

Abstract

The definition of “personal information” or “personal data” is foundational to the
application of data protection laws. One aspect of these definitions is that the information must be linked to an identifiable individual, which is incorporated in the requirement that the information must be “about” or “relating to” an individual. This article examines this requirement in light of recent judicial and legislative developments in Australia, Canada and the European Union. In particular, it contrasts the decisions rendered by the Federal Court of Australia in Privacy Commissioner v Telstra Corporation Ltd and by the European Court of Justice decisions in Scarlet Extended and Patrick Breyer v Bundesrepublik Deutschland as well as the new General Data Protection Regulation with Canadian law. This article also compares how the three jurisdictions deal with the vexed issue of IP addresses as personal information where the connection between the IP address and a particular individual often raises particular problems.
Original languageEnglish
Pages (from-to)293-329
Number of pages37
JournalCanadian Journal of Comparative and Contemporary Law
Volume4
Issue number1
Publication statusPublished - 2018

Keywords

  • data protection
  • privacy
  • personal information
  • Australian law
  • EU law
  • Canadian law

Cite this