Data would not count as being personal data within the proposed new European Union General Data Protection Regulation if it is too burdensome to assess whether it is actually personally identifiable or not. That is a revision introduced by the EU’s Council of Ministers. Under the proposed revised definition, personal data would mean: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, by means reasonably likely to be used by the controller or by any other natural or legal person, in particular by reference to a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. If identification requires a disproportionate amount of time, effort or material resources the natural living person shall not be considered identifiable.”
The Council’s revisions would also enable use for specified, explicit and legitimate purposes to be additionally processed for historical, statistical or scientific purposes, subject to conditions and safeguards.