Over on Smashing Magazine, Heather Burns recently published a guide on the GDPR. As someone in the United State, I’ve been hearing rumors we could be affected as well, but I found this interesting in her post related to personal data:
The European data protection frameworks pertain to personal data. This is defined as “any information relating to an identified or identifiable natural person.” This can be one piece of information or multiple data points combined to create a record.
The European term “personal data” differs from the American term “personally identifiable information.” The latter pertains to a much more limited set of information than the European model. It also does not see information as contextual, whereas the European framework emphasizes the risks inherent in data aggregation.
I’m really pessimistic on this law, our elected leaders can reduce the size of our national parks to allowing drilling, yet we can’t collect a username/email/password without going through tons of red tape? Seems like our priorities are out of whack to me.