Defining 'personal data'


Ultimately, OpenPD comes down to protecting personal data. But what is ‘personal data’? This thread is meant to facilitate discussion about how this term should be defined in OpenPD 0.1.

I don’t like the definition of “any piece of information able to identify the user,” because aggregated geographic heatmaps, for example, should also be protected under OpenPD. (Typically this couldn’t be used to identify users, but imagine if there was a little speck in a rainforest that could identify someone.)

Perhaps something to the extent of “any information created either by the user, about the user, as a direct result of action taken by the user, and any data based on such data (i.e. derivative data).” That’s not a legal definition, of course, but conveys the idea.

For all intents and purposes, user = data subject.