Читать книгу Privacy and Data Protection based on the GDPR - Leo Besemer - Страница 43
1.3.2 Material scope of the GDPR
ОглавлениеIn response to the news of the impending introduction of the GDPR in early 2018, many stories were circulating about the new GDPR. The law would be much stricter and above all, comprehensive. Almost all information about people is personal data, and almost everything you want to do with that data is subject to the law.
According to sources on internet around that time a note was posted on the door of an Italian butcher shop (Figure 1.7). Translated to English it reads:
“Attention! In our butcher shop we might ask for your name and remember your preferences in terms of meat. If you are worried about this, please enter while shouting ’I refuse consent!’ From then on, we will pretend not to know you.”
The story has been repeated many times, and depending on which version you come across the butcher may also have been German or Austrian (in which case the picture shown here would be a fake). But the concern may very well have been real.
Figure 1.7 A butcher’s note.
It is certainly true that any information on an identifiable person is regarded as personal data, and most of the things you might want to do with personal data are deemed as processing according to the law. But the case of the Italian butcher sounds far-fetched. Would this really be necessary?
The GDPR states that:
This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
GDPR Article 2(1)
The information on preferences regarding products would in general not really be data identifying a natural person. Even in a small village it would probably never be possible to identify a person from the kind of meat he or she buys. And then, could the memory of a butcher be considered a filing system? What is, according to the GDPR, a filing system?