Skip to content

How Technological Advances in the Big Data Era Make it Impossible to Define the ‘Personal’ in GDPR’s ‘Personal Data’

Jeffrey Bholasing


In the EU processing of personal data is subject to strict regulations that are laid out in the GDPR. The GDPR definition of personal data is: any information relating to an identified or identifiable natural person. Hence, if the definition applies, that data falls under the realm of the GDPR. If data is anonymised however, and as such does not constitute ‘personal data’, GDPR regulations are not applicable. This makes the definition of personal data very important. Or better yet, determining when, according to the GDPR, data should be seen as personal data. This approach of the GDPR, where data is either in scope of the regulation or not, can be considered a binary or ‘black and white’ approach to the applicability of the Regulation. This article describes the advances in technology of the big data era and how these advances make it impossible to adequately make the distinction between data and personal data. It focusses on the definition of personal data and discusses the shortcomings of the binary approach. Specific attention is paid to recital 26 GDPR, which provides some guidance to determine whether a natural person is identifiable. The difficulty of the binary approach in the definition of personal data is presented against the background of the technological developments of the last decades and in the years to come (the big data era), as these development challenge the adequate demarcation of personal data even further and demand for a better approach. The article concludes with reflections on what will be a sustainable approach for the demarcation of the scope of data protection and as such a maintainable and preferable basis for privacy protection in the future. A risk based approach is suggested in which different degrees of re-identifiability are recognized, as opposed as a too simplistic binary approach.
Keywords: Anonymisation | Big Data | Data Elimination | Definition | GDPR | Personal Data

PhD Candidate, Vrije Universiteit Amsterdam. For Correspondence: <>


Lx-Number Search

(e.g. A | 000123 | 01)

Export Citation