The EU GDPR is a contemporary set of rules that aims to strengthen protections for personal data and to ensure consistency of such protections across the EU. The control builds upon the EU’s existing 1995 Data Protection Directive, an crucial set of laws that predates ubiquitous smart phones and the advance of social media and other online services (search, email, etc.) that companies offer free-of-charge to users, but finance with data-driven targeted advertising. The EU regulation expands the directive’s privacy protections and introduces new safeguards in return to these technological developments.
In the digital age, everything a person does online generates or implicates goods that can be highly revealing about their private life. The GDPR affirm new ways people can protect their personal data, and by extension their privacy and other human rights. It gives everyone more control, and crave businesses, governments, and other organizations to confess more about their data practices, and regulates the way they collect, process, and accumulation people’s data.
Persona data is defined broadly under the GDPR to include “any clue relating to an identified or identifiable person.” Thus, even goods that does not directly identify a named person, but could still help identify them, is still capped by the law. This definition encompasses online and appliance identifiers (like IP addresses, cookies, or device IDs), location data, user names, and pseudonymous data.