'From Knowing by Name to Personalisation: Meaning of Identification Under the GDPR' by Nadezhda Purtova comments
Despite its core role in the EU system of data protection, the meaning of identification remains unclear in the data protection law and scholarship with a spotlight focused on the legally relevant chance of identification, i.e. identifiability.
While Article 29 Working Party interpreted identification broadly, as distinguishing one in a group, this interpretation has been questioned in light of the EUCJ decision in Breyer. This paper tackles this uncertainty.
This paper offers an integrated socio-technical typology of identification where, in addition to the known identification types (look-up-, recognition-, session- and classification identification), personalisation is added as a new identification type, meaning a relatively unique characterisation where one is individualized by being mapped in relation to multiple dimensions within a multidimensional space.
The paper clarifies the legal meaning of identification under the GDPR. It proposes a contextual interpretation of Breyer, which negates Breyer’s restrictive potential and brings all identification types within the GDPR.
The paper concludes with a discussion of the implications of this reading of identification for data protection in terms the applicability of the GDPR to new data technologies and practices such as facial detection and non-tracking based targeted advertising, effects of certain privacy preserving technologies such as federated learning of cohorts, consequences for invoking data protection rights when identification is not possible, but also in terms of the need to clearly define the objectives of the data protection law.