The data taxonomy designed in the General Data Protection Regulation (GDPR) and the Free Flow Data Regulation (FFDR) seems lacking legal certainty for what concerns aggregate data. As a matter of fact, the legal framework considers it as non-personal data, albeit in the non-binding parts, even with the clear awareness that some risks persist. Moreover, the literal and contextual interpretation of the two Regulations confirms that the legal framework provided for aggregate data seems applying to entities performing that kind of processing in the public interest, but even to the one processing data in the private and business one. While the data aggregation performed in the public interest by public entities is punctually regulated with even other specific laws, the one performed in the private/business interest seems to be lacking clarity and transparency. This paper proposes a legal reasoning and argumentation on the issue, aimed at raising awareness on the importance to promote best practices on the models developed by the statistical scientific community and applied to the public sector, for avoiding data misuses and abuses in the private and business context.
Shedding light on the legal approach to aggregate data under the GDPR & the FFDR / Podda, Emanuela. - ELETTRONICO. - (2021), pp. 1-10. (Intervento presentato al convegno CONFERENCE OF EUROPEAN STATISTICIANS Expert Meeting on Statistical Data Confidentiality tenutosi a Poland nel 1-3 December 2021).
Shedding light on the legal approach to aggregate data under the GDPR & the FFDR
Podda, Emanuela
2021
Abstract
The data taxonomy designed in the General Data Protection Regulation (GDPR) and the Free Flow Data Regulation (FFDR) seems lacking legal certainty for what concerns aggregate data. As a matter of fact, the legal framework considers it as non-personal data, albeit in the non-binding parts, even with the clear awareness that some risks persist. Moreover, the literal and contextual interpretation of the two Regulations confirms that the legal framework provided for aggregate data seems applying to entities performing that kind of processing in the public interest, but even to the one processing data in the private and business one. While the data aggregation performed in the public interest by public entities is punctually regulated with even other specific laws, the one performed in the private/business interest seems to be lacking clarity and transparency. This paper proposes a legal reasoning and argumentation on the issue, aimed at raising awareness on the importance to promote best practices on the models developed by the statistical scientific community and applied to the public sector, for avoiding data misuses and abuses in the private and business context.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
