The Scope of the Personal Data Concept in Russia
Abstract
Personal data as an institution is gaining increasing attention on the part of both public authorities, business structures and private individuals as subjects of personal data. Meanwhile, an efficient and successful usage of the tools provided by this institution directly depends on whether the scope of the personal data concept can be unambiguously defined. The paper describes the main problems resulting from a lack of uniform approach, makes a case for a cross-jurisdictional approach to interpretation of the concept of personal data, and identifies four main criteria which can provide a basis for a procedure for assessing whether certain information amounts to personal data: information, relevance, definability and subject criteria. In assuming a single source of the institution’s regulation across jurisdictions, the cross-jurisdictional approach to interpretation of the concept of personal data allows to follow the best international practices to define the scope of the personal data concept. In this paper, the cross-jurisdictional approach was successfully applied with respect to the European law and international law instruments. The information and subject criteria set the constraints on the assessment of whether information amounts to personal data from the perspective of object and subject, respectively. In assessing the relevance of information as personal data, the relevance and the definability criteria allow to account for the context in terms of content, purpose pursued and results achieved. The proposed criteria applicable to information, relevance, definability and subject, being universal, allow to unambiguously determine the scope of personal data concept at the level of regulation, enforcement and compliance, as well as exercise of rights envisaged by the regulation in question. The said criteria also contribute the development of uniform terminology in the research community to ensure comparability of research concerning personal data through an overarching approach to the scope of this concept.
References
Bachilo I.L. et al. (2006) Personal data in the structure of information resources. Principles of regulation. Minsk: Bellitfond, 474 p. (in Russ.)
Burkova А.Yu. (2015) Defining the concept of personal data. Pravo i ekonomika=Law and Economics, no. 4, pp. 20–24 (in Russ.)
Dmitrik N.А. (2020) The history, meaning and prospects of the institution of personal data. Vestnik grazhdanskogo prava=Bulletin of Civil Law, no. 3, pp. 43–82 (in Russ.) DOI: https://doi.org/10.24031/1992-2043-2020-20-3-43-82
Greenleaf G. (2021) Global Data Privacy Laws 2021: Despite COVID Delays, 145 Laws Show GDPR Dominance. 169 Privacy Laws & Business International Report. UNSW Law Research Paper No. 21-60 Available at: URL: SSRN: https://ssrn.com/abstract=3836348 (accessed: 03.03.2023) DOI: https://doi.org/10.2139/ssrn.3836348
Greenleaf G. (2022) Now 157 Countries: Twelve Data Privacy Laws in 2021/22. 176 Privacy Laws & Business International Report. UNSW Law Research, Available at: URL: SSRN: https://ssrn.com/abstract=4137418 (accessed: 10.03.2023)
Mayer J. et al. (2016) Evaluating the Privacy Properties of Telephone Metadata. Stanford University. 1 March 2016. Available at: URL: http://www.pnas.org/content/113/20/5536 (accessed: 03.03.2023) DOI: https://doi.org/10.1073/pnas.1508081113
Miraev А.G. (2019)The concept of personal data in Russia and European Union. Yuridicheskaya nauka=Legal Science, no. 5, pp. 72–83 (in Russ.)
Naumov V.B., Аrkhipov V.V. (2016) The concept of personal data: interpretation in the context of information and communication technologies progress. Rossiyskiy juridicheskiy zhurnal=Russian Law Journal, no. 2, pp. 186–196 (in Russ.)
Nissenbaum H. (2004) Privacy as contextual integrity. Washington Law Review, vol. 79, issue 1, pp. 119–158.
Rozhkova М. et al. (2021) Personal and non-personal data. Legal aspects of digital technologies used in business operations. Moscow: Statut, pp. 127–133 (in Russ.)
Saveliev А.I. (2020) The civil law aspects of data regulation in the context of attempts to build a digital economy. Vestnik grazhdanskogo prava=Bulletin of Civil War, no. 1, pp. 60–92 (in Russ.) DOI: https://doi.org/10.24031/1992-2043-2020-20-1-60-92
Saveliev А.I. (2021) The article-by-article commentary to the law on personal data. Moscow: Statut, 258 p. (in Russ.)
Saveliev А.I. (2018) Big data regulation and privacy protection in a new economic reality. Zakon=Law, no. 5, pp. 122–144 (in Russ.)
Solove D. (2022) Data is what data does: regulating use, harm, and risk instead of sensitive data. Available at: URL: SSRN: https://ssrn.com/abstract=4322198 (accessed: 03.03.2023) DOI: https://doi.org/10.2139/ssrn.4322198
Solow-Niederman A. (2021) Information Privacy and the Inference Economy. Available at: URL: SSRN: https://ssrn.com/abstract=3921003 (accessed: 10.03.2023) DOI: https://doi.org/10.2139/ssrn.3921003
Stepanov А.А. (2020) The content of personal date in the legislation of Russia and European Union. Obrazovaniye i pravo=Education and Law, no. 9, pp. 92–99 (in Russ.)
Syrykh V.М. (2012) The history and methodology of jurisprudence: a manual. Moscow: Norma, 464 p. (in Russ.)
Authors who publish with this journal agree to the Licensing, Copyright, Open Access and Repository Policy.