undefined | Better HN

0 pointsmehrdadn7y ago0 comments

Are you sure? I didn't find a clear sentence on this last time I looked. It seems hard to define what is derived data (if they guess that a 20 year old is a student, is that derived data? or just a guess) and I can imagine it leaking information about other people if it involved aggregating together pieces of data from multiple people.

0 comments

icebraining7y ago

The GDPR says "'personal data’ means any information relating to an identified or identifiable natural person". So as long as this derived data is directly related to a person, the GDPR applies.

More explicitly, the UK's regulator says: "You should however note that if this ‘inferred’ or ‘derived’ data is personal data, you still need to provide it to an individual if they make a subject access request."

mehrdadnOP7y ago

Huh, thanks for that. So e.g. LinkedIn not providing any information on (say) emails they've scraped seems blatantly illegal too?

j / k navigate · click thread line to collapse

0 comments

icebraining7y ago

The GDPR says "'personal data’ means any information relating to an identified or identifiable natural person". So as long as this derived data is directly related to a person, the GDPR applies.

mehrdadnOP7y ago

Huh, thanks for that. So e.g. LinkedIn not providing any information on (say) emails they've scraped seems blatantly illegal too?

j / k navigate · click thread line to collapse