Ein besonders wichtiges Ziel von Datensicherheit ist der Datenschutz, also der Schutz personenbezogener Daten wie E-Mail-Adressen, Sozialversicherungs-nummern oder Standortdaten. Verankert ist dieser im Recht auf informationelle Selbstbestimmung, nach dem jede Person selbst über die Preisgabe und Ver-wendung ihrer eigenen Daten bestimmen darf. Mögliche negative Konsequen-zen einer Offenlegung von personenbezogen Daten reichen vom Verkauf für Werbezwecke über Identitätsdiebstahl bis hin zu politischer Verfolgung. Aber auch der Schutz nicht-personenbezogener Daten kann im Interesse der All-gemeinheit liegen. Das gilt insbesondere, wenn von ihnen der Betrieb kritischer Infrastrukturen abhängt, deren Ausfall zu Versorgungsengpässen oder sogar zur Gefährdung für die öffentliche Sicherheit führen kann.

Does the EDL/EID card transmit my personal information? No. The RFID tag embedded in your card doesn't contain any personal identifying information, just a unique reference number.

Data broker Invisibly (www.invisibly.com) provides a listing of various types of data available for sale on the dark web, ranging from a Social Security number (valued at just $0.53) to a complete healthcare record ($250).

By itself the name John Smith may not always be personal data because there are many individuals with that name. However, where the name is combined with other information (such as an address, a place of work, or a telephone number) this will usually be sufficient to clearly identify one individual.

Simply because you do not know the name of an individual does not mean you cannot identify that individual. Many of us do not know the names of all our neighbours, but we are still able to identify them.

Perhaps the biggest implication of this is that, under certain circumstances, personal data includes online identifiers such as IP addresses and mobile device IDs

an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Under the scope of the CCPA, “personal information” is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

For instance, if an IP address is sent with an ad request (which will be the case with almost any ad request as a consequence of internet protocols), that transmission will not breach any prohibition on sending PII to Google.

Google interprets PII to exclude, for example: pseudonymous cookie IDs pseudonymous advertising IDs IP addresses

data excluded from Google's interpretation of PII may still be considered personal data under the GDPR

Article 4 of GPPR defines personal data as any information relating to an identified or identifiable natural person (‘data subject’). The definition not only covers all sorts of online identifiers (eg. networks’ IP address, device ID or cookie identifier) but also the combinations of browser characteristics that fingerprinting relies on (see: Recital 30). And since the information collected using fingerprinting allows you to identify users between sessions, it’s considered personal identifier. Hence, this technique doesn’t meet the data anonymization standards.

the introduction of the EU’s General Data-Protection Regulation (GDPR) has significantly impacted the way websites and business collect, store and use both types of cookies. For one, the GDPR includes cookies in its definition of personal data, which refers to any piece of data or information that can identify a visitor.

European Court of Justice (ECJ) has handed down a judgement that rules IP Addresses are Personally Identifiable Information (PII)

The European Court of Justice recently ruled that dynamic IP address are now classed as PII.

This was because the court felt he could not be identified based on just the IP address

Another acceptable option is to pass to Google Analytics an encrypted identifier that is based on PII

EU laws generally consider IP addresses to be PII, or “personal data,” as defined under EU applicable law.

You can send Google Analytics an encrypted identifier or custom dimension that is based on PII, as long as you use the proper encryption level.

CIVIC will make no attempt to identify individual users. You should be aware, however, that access to web pages will generally create log entries in the systems of your ISP or network service provider. These entities may be in a position to identify the client computer equipment used to access a page.

Oracle hashes the direct and indirect identifiers (such as IP address and cookie ID) in the Sample Dataset. ‘Hashing’ means the personal information cannot be associated with an individual without the use of additional information.

Personally identifiable information (PII) is information that, when used alone or with other relevant data, can identify an individual. PII may contain direct identifiers (e.g., passport information) that can identify a person uniquely, or quasi-identifiers (e.g., race) that can be combined with other quasi-identifiers (e.g., date of birth) to successfully recognize an individual.