Interpretation of Location data and Traffic data - only in context of ePrivacy?
#11
-
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Hi @pendzel , I agree with your depiction that In this context, to answer your questions: Should we treat GPS data computed on IoT devices automaticly as Privacy Asset / Personal Information? Example 1: A Bluetooth beacon collects the GPS position of an item (eg, cargo, hospital beds). As long as this data cannot be traced back to a person, this should not be considered Example 2: The dog tracker is a tricky case. In my opinion, this could arguably be considered actually [Edit] In my opinion, this example is somewhat similar to the case of smart meters. At first glance, no personal information information is collected. However, "power data usage patterns obtained from smart meters can reveal much more than how much power is being used: the use of household appliances is an indicator of human behaviour, and allows for the identification of individuals. The operation of smart meters therefore entails the processing of ‘personal data’ and needs to be in line with the EU’s GDPR." (European Data Protection Supervisor) Tip I would recommend the following steps when conducting a risk assessment in the context of EN 18031 (when focusing on personal information, it is often referred to as a "privacy impact assessment"):
Regarding I hope this answers your questions. Guillaume |
Beta Was this translation helpful? Give feedback.

Hi @pendzel ,
Thank you for sharing your checklist on this topic.
I agree with your depiction that
personal data,location dataandtraffic dataare a subset ofpersonal information. EN 18031 definespersonal data,location dataandtraffic databy referring to their respective directive (GDPR, ePrivacy). Hence, these types of data are only relevant for the RED DA/EN 18031 when they relate to a person.In this context, to answer your questions: Should we treat GPS data computed on IoT devices automaticly as Privacy Asset / Personal Information?
→ No, I would not consider all location data as privacy asset, but only the one relating to a person or which can relate to a person.
Example 1: A…