The new The General regulations on data protection (GDPR in its initials in english, General Data Protection Regulation) represents a turning point on the rights of citizens with regard to the government of personal data and privacy of citizens.
GDPR entered into force in 2016 updating Data protection directive 1995, but the public administrations and companies have had a period of two years to adapt to the new legislation. On 25 may this year is over this period and GDPR will become fully applies not only in the member states, but also for any organization that capture, store or process personal data of european citizens, no matter where they are located.
According to GDPR, a personal data is any information that will serve to identify a natural person. This definition as open generates a number of doubts. With a professional email GDPR, an IP address or the information collected by cookies from a website is personal data. Not to mention all this data by wearables or sensors, linked to the Internet of things or Smart cities – provided they identify a person —.
Some personal data may include information of great value to the citizens and businesses, but its reutilizadoras open publication can threaten privacy. According to GDPR, european citizens must give their consent “ clear ” to use your personal data. Therefore, unable to publish for reuse any personal data without the consent of those affected. It Is important to emphasise that this situation was already reflected in the Data protection act spanish – in particular in article 6.1-, by which it is not a great change.
However, there are exceptions that allow the publication of personal data:
If there are legitimate grounds for publication. For example, in the case of a judicial ruling.
If data had been. The anonymized anonimización is a process of disassociation through which data are de-link of the person to which they belong, so that they be “ personal data ”. That is, to delete data that can identify an individual or replaced by generic variables, such as postal districts, age groups, levels of education, etc. As we have seen, GDPR only applies to personal data, and if something is staff is no longer subject to this regulation.
The anonimización is a good resource for maintaining the value of open, allowing for different treatments (such as analysis and statistics), but it also has its risks. We must not confuse anonimización with pseudoanonimización, where they hide the identity, but is left a trail that can identify the citizen. The anonimización must ensure that cannot be to reunite the information on a specific individual by inference from non-personal data in a set of open data.
In the current context, the privacy is an inevitable concern when we talk about open database. To ensure the legislation it is important to regulate and monitor the flow of data so that the privacy and freedom of information, and the interests of citizens made map and re-users of data to be balanced. This way we will promote the economy linked to the reuse of data, generating new products and services which add value to society, and respecting the rights of citizens.