D is for personal Data
We all hear more and more about personal data, both within Cozy and outside of it.
But what exactly is personal data?
The CNIL (“Commission nationale de l'informatique et des libertés”, an independent French administrative regulatory body whose mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data) gives a simple and clear definition.
Personal data: Any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number (e.g. social security number) or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (e.g. name and first name, date of birth, biometrics data, fingerprints, DNA…)
There are even examples. That always makes things simpler!
Some cases are less clear-cut – for example, biometrics data besides fingerprints, such as the image of the retina or the shape of the face (how the iPhone X authenticates its user). There is also a discussion on whether an IP address (the address of your computer or workstation on a network) is a personal data.
The thorny problem of combined data
Another issue is that multiple non-personal data taken together can become personal.
Again, an example will clarify things: The name of the city where I live (Paris) is not a personal data, because it does not directly or indirectly enable anyone to identify me. Nor do my profession, my place of birth, my year of birth, or the date I got my driving license. However, the combination is personal: taken together, all this information does make it possible to identify me indirectly.
Personal data in a world where everything is connected
Digital technologies are everywhere. As a result, each individual generates a lot of data by browsing the Internet, visiting websites, using a smartphone, etc. The combination of these data reveals a lot about each of us: our habits, our tastes, our faults.
The field of personal data covers much more than is usually imagined at the outset.
That is why it is very important to protect our data, even if you think the individual items are harmless.