International Journal of Law and Information Technology

International Journal of Law and Information Technology Advance Access originally published online on May 19, 2008
International Journal of Law and Information Technology 2009 17(3):233-251; doi:10.1093/ijlit/ean007

This Article Full Text Full Text (PDF) All Versions of this Article: 17/3/233    most recent ean007v1 Alert me when this article is cited Alert me if a correction is posted Services Email this article to a friend Similar articles in this journal Alert me to new issues of the journal Add to My Personal Archive Download to citation manager Request Permissions Google Scholar Articles by Bercic, B. Articles by George, C. Social Bookmarking          What's this?

International Journal of Law and Information Technology Vol. 17 No. 3 © Oxford University Press 2008; all rights reserved

Identifying Personal Data Using Relational Database Design Principles¹

DR Botjan Beri

DR Carlisle George

Institute for Economics, Law and Informatics, Celovka 136, SI-1000 Ljubljana, Slovenia Email: bostjan.bercic{at}ipri-zavod.si
School of Computing Science, Middlesex University, The Burroughs, London, NW4 4BT, United Kingdom Email: c.george{at}mdx.ac.uk

	Abstract

The European Union (EU) directive on personal data and resulting data protection legislation of EU member states require from data controllers, a notification of their activities to the appropriate supervisory authority. Included in this notification is also a description of the data or categories of data which are processed. Legislation in some EU member states (e.g. Slovenia) require that not only a description but also a concrete list of personal data attributes needs to be included in this notification. In such cases it is sometimes difficult to ascertain in concreto whether some collected attribute represents personal data (and should therefore be included in the list of attributes) or whether it is a non-personal attribute. Similarly, under the EU directive data subjects have various rights, including the right to access their data, and data controllers are sometimes faced with the problem of determining whether various data items constitute personal data. Further, the impending case in the European Court of Human Rights arising out of the decision of the UK case of Durant v Financial Services Authority (which narrowed the scope of personal data) has added some uncertainty to the interpretation of the EU directive. In view of the legal uncertainty regarding what constitutes personal data, this paper examines whether relational database design principles can be applied to identifying personal data. Using this approach, the paper explores various parallels between personal data identification and principles of relational database design. The paper thus makes a novel contribution to the ongoing uncertainty in data protection law. The paper also discusses the wider issue of applying computing/scientific principles to interpreting the law.

CiteULike    Connotea    Del.icio.us    What's this?

Online ISSN 1464-3693 - Print ISSN 0967-0769

Copyright © 2009 Oxford University Press

Oxford Journals Oxford University Press

• Site Map
• Privacy Policy
• Frequently Asked Questions

Other Oxford University Press sites: Oxford University Press Oxford Journals China Oxford Journals Japan American National Biography Booksellers' Information Service Children's Fiction and Poetry Children's Reference Corporate & Special Sales Dictionaries Dictionary of National Biography Digital Reference English Language Teaching Higher Education Textbooks Humanities International Education Unit Law Medicine Music Online Products Oxford English Dictionary Reference Rights and Permissions Science School Books Social Sciences Very Short Introductions World's Classics