The Scope of the Personal  Data Concept in Russia

Kyrill Zyubanov

doi:10.17323/2713-2749.2023.1.53.76

Kyrill Zyubanov National Research University Higher School of Economics https://orcid.org/0000-0002-6752-0516

DOI: https://doi.org/10.17323/2713-2749.2023.1.53.76

Keywords: personal data, privacy, privacy protection, terminology, comparative analysis, information technologies, information law

Abstract

Personal data as an institution is gaining increasing attention on the part of both public authorities, business structures and private individuals as subjects of personal data. Meanwhile, an efficient and successful usage of the tools provided by this institution directly depends on whether the scope of the personal data concept can be unambiguously defined. The paper describes the main problems resulting from a lack of uniform approach, makes a case for a cross-jurisdictional approach to interpretation of the concept of personal data, and identifies four main criteria which can provide a basis for a procedure for assessing whether certain information amounts to personal data: information, relevance, definability and subject criteria. In assuming a single source of the institution’s regulation across jurisdictions, the cross-jurisdictional approach to interpretation of the concept of personal data allows to follow the best international practices to define the scope of the personal data concept. In this paper, the cross-jurisdictional approach was successfully applied with respect to the European law and international law instruments. The information and subject criteria set the constraints on the assessment of whether information amounts to
personal data from the perspective of object and subject, respectively. In assessing the relevance of information as personal data, the relevance and the definability criteria allow to account for the context in terms of content, purpose pursued and results achieved. The proposed criteria applicable to information, relevance, definability and subject, being universal, allow to unambiguously determine the scope of personal data concept at the level of regulation, enforcement and compliance, as well as exercise of rights envisaged by the regulation in question. The said criteria also contribute the development of uniform terminology in the research community to ensure comparability of research concerning personal data through an overarching approach to the scope of this concept.

Downloads

Download data is not yet available.

Author Biography

Kyrill Zyubanov, National Research University Higher School of Economics

Postgraduate Student

References

Bachilo I.L. et al. (2006) Personal data in the structure of information resources. Principles of regulation. Minsk: Bellitfond, 474 p. (in Russ.)

Burkova А.Yu. (2015) Defining the concept of personal data. Pravo i ekonomika=Law and Economics, no. 4, pp. 20–24 (in Russ.)

Dmitrik N.А. (2020) The history, meaning and prospects of the institution of personal data. Vestnik grazhdanskogo prava=Bulletin of Civil Law, no. 3, pp. 43–82 (in Russ.)

Greenleaf G. (2021) Global Data Privacy Laws 2021: Despite COVID Delays, 145 Laws Show GDPR Dominance. 169 Privacy Laws & Business International Report. UNSW Law Research Paper No. 21-60 Available at: URL: SSRN: https://ssrn.com/abstract=3836348 (accessed: 03.03.2023)

Greenleaf G. (2022) Now 157 Countries: Twelve Data Privacy Laws in 2021/22. 176 Privacy Laws & Business International Report. UNSW Law Research, Available at: URL: SSRN: https://ssrn.com/abstract=4137418 (accessed: 10.03.2023)

Mayer J. et al. (2016) Evaluating the Privacy Properties of Telephone Metadata. Stanford University. 1 March 2016. Available at: URL: http://www.pnas.org/content/113/20/5536 (accessed: 03.03.2023)

Miraev А.G. (2019)The concept of personal data in Russia and European Union. Yuridicheskaya nauka=Legal Science, no. 5, pp. 72–83 (in Russ.)

Naumov V.B., Аrkhipov V.V. (2016) The concept of personal data: interpretation in the context of information and communication technologies progress. Rossiyskiy juridicheskiy zhurnal=Russian Law Journal, no. 2, pp. 186–196 (in Russ.)

Nissenbaum H. (2004) Privacy as contextual integrity. Washington Law Review, vol. 79, issue 1, pp. 119–158.

Rozhkova М. et al. (2021) Personal and non-personal data. Legal aspects of digital technologies used in business operations. Moscow: Statut, pp. 127–133 (in Russ.)

Saveliev А.I. (2020) The civil law aspects of data regulation in the context of attempts to build a digital economy. Vestnik grazhdanskogo prava=Bulletin of Civil War, no. 1, pp. 60–92 (in Russ.)

Saveliev А.I. (2021) The article-by-article commentary to the law on personal data. Moscow: Statut, 258 p. (in Russ.)

Saveliev А.I. (2018) Big data regulation and privacy protection in a new economic reality. Zakon=Law, no. 5, pp. 122–144 (in Russ.)

Solove D. (2022) Data is what data does: regulating use, harm, and risk instead of sensitive data. Available at: URL: SSRN: https://ssrn.com/abstract=4322198 (accessed: 03.03.2023)

Solow-Niederman A. (2021) Information Privacy and the Inference Economy. Available at: URL: SSRN: https://ssrn.com/abstract=3921003 (accessed: 10.03.2023)

Stepanov А.А. (2020) The content of personal date in the legislation of Russia and European Union. Obrazovaniye i pravo=Education and Law, no. 9, pp. 92–99 (in Russ.)

Syrykh V.М. (2012) The history and methodology of jurisprudence: a manual. Moscow: Norma, 464 p. (in Russ.)