Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- D11.1: Mobility and Identity.
- D11.2: Mobility and LBS.
- D11.3: Economic aspects of mobility and identity.
- D11.4: Workshop on Mobility and Identity.
- D11.5: The legal framework for location-based services in Europe.
- D11.12: Mobile Marketing in the Perspective of Identity, Privacy and Transparency.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D11.6: Survey on Mobile Identity
The deliverable in hand provides the results of an explorative survey on the
control model for identity related data in location-based services (LBS)
presented in FIDIS deliverable D11.2.
The survey was performed to explore the influence of LBS characteristics (pull
vs. push based, indirect vs. direct profile creation) on the perceived amount of
control participants have about the disclosure of their identity.
Four scenarios, each reflected a different aspect of the control model, have been
designed and tested.
 |
The legal framework for LBS in Europe PERSONAL DATA: DIRECTIVE 95/46/EC |
 |
Personal data: Directive 95/46/EC
The general framework with regard to the processing of personal data is Directive 95/46/EC (hereinafter: Data Protection Directive). Whether or not this directive is applicable depends on whether there is ‘processing’ of ‘personal data’. The definition given of processing is very broad in scope and it is fair to say that almost all handling of data, from their establishment to their destruction, can be considered processing as meant by the Data Protection Directive.
Whether or not data can be considered to be personal is more difficult to establish. According to article 2 sub a) of the Data Protection Directive, personal data shall mean:
“(a) any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.
In this definition identification of a natural person forms the main criteria. Identification can be direct, as well as indirect. Direct identification means identification without the use of a third source. Indirect identification concerns for example identification on the basis of an identification number. In this case, a third source is necessary to link the identification number to directly identifiable factors such as a name. An identification number can be a national identification number, as well as other numbers, such as an employee number or an IP-address. IP-addresses allow indirect identification. IP addresses can be traced back to a computer, and through the Internet Service Provider to a subscriber. Also dynamic IP addresses can be traced back to a computer. Although the link between subscriber and user is less strong compared to e-mail addresses and phone numbers, most IP addresses can be tied to a log-in and therefore may qualify as personal data.
On the basis of article 29 of Directive 95/46/EC, a Working Party on the Protection of Individuals with regard to the Processing of Personal Data is established. This Party has an advisory and independent status and has given opinions on all kinds of issues related to the processing of personal data in order to clarify the existing legislation. At the moment (March 2007), the Article 29 Working Party is preparing a document with explanations on the scope of the term ‘personal data’, as national implementation laws show differing interpretations of this concept.
| |
   |
|
| 14 / 47 |
