Skip to Content.
Sympa Menu

cacert-policy - Re: Current data processing practices

Subject: Policy-Discussion

List archive

Re: Current data processing practices


Chronological Thread 
  • From: Gert Seidl <Gert.Seidl AT gmx.at>
  • To: cacert-policy AT lists.cacert.org
  • Subject: Re: Current data processing practices
  • Date: Fri, 29 May 2009 09:34:50 +0200

Hi,

ulrich AT cacert.org
 schrieb:
> ...
> so where "personal data" starts ?
> 
> Is the email adress personal data? is the serial number of your client
> cert personal data?
> (see 4 i - iv)
Here in Austria "personal data" is data that determines a person (e.g.
full name + DOB + address) or can be used to determine a person (e.g.
number of credit card). (ยง4 Z.1 DSG 2000,
http://ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=10001597)

If the people using the data are not (legally) able to determine the
person, the data is called "indirect personal data". For that kind of
data the restrictions are not that strict.

email address:
If you only have the email address it imho is "indirect personal data",
because as a normal citizen you will not be able to determine the person
behind it (but the provider normally can). If this email is the username
for an account and you have additional (and verfied) data in that
account, it is "personal data".

Although not every email address can be traced back to a distinct person
many can. Therefore you have to treat every email address as "personal
data".

hth,
Gert

> ...
> regards, uli  ;-)
> 


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.16.

Top of Page