“Personal information” (or data) has been defined by all the major privacy laws around the world. It has been referred to in many ways, but tends to hold the same meaning: personal information is any data that can be used to identify an individual.
Things like names, IP addresses, email, biometric data and more can fall under it. This depends on which law applies to you. 👀 Curious? Keep reading to learn more.
Personal data within the context of the General Data Protection Regulation (GDPR) refers to any data that relates to an identified or identifiable living person. This includes pieces of information that, when collected together, can lead to the identification of a person.
💡 Generally, the wording “personal information” has been used by US lawmakers and “personal data” by the GDPR, but essentially they relate to similar things.
Under the GDPR, examples of personal data include (but are not limited to):
Examples of non-personal data include anonymized data, company registration numbers and generic company email addresses such as firstname.lastname@example.org.👉 More information in our GDPR guide.
Under the scope of the California Consumer Privacy Act (CPRA (CCPA amendment)), it is defined as: “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
The CPRA (CCPA amendment) further details that it can include, but is not limited to:
Under the Personal Information Protection and Electronic Documents Act (PIPEDA), personal information involves “any factual or subjective information, recorded or not, about an identifiable individual”.
Examples under PIPEDA include:
According to the Australian Privacy Act and 13 Privacy Principles (APPs), it means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
The above definition is quite broad, and can include: