What is Personal Information Across Major Privacy Laws

“Personal information” (or data) has been defined by all the major privacy laws around the world. It has been referred to in many ways, but tends to hold the same meaning: personal information is any data that can be used to identify an individual.

Things like names, IP addresses, email, biometric data and more can fall under it. This depends on which law applies to you. 👀 Curious? Keep reading to learn more.

🇪🇺 “Personal Data” under the GDPR

Definition

Personal data within the context of the General Data Protection Regulation (GDPR) refers to any data that relates to an identified or identifiable living person. This includes pieces of information that, when collected together, can lead to the identification of a person.

💡 Generally, the wording “personal information” has been used by US lawmakers and “personal data” by the GDPR, but essentially they relate to similar things.

Types of Personal Data

Under the GDPR, examples of personal data include (but are not limited to):

• names;
• health, genetic and biometric data;
• web data such as IP addresses;
• personal email addresses;
• political opinions;
• pseudonymized or encrypted data.

Examples of non-personal data include anonymized data, company registration numbers and generic company email addresses such as info@company.com.

🇺🇸 “Personal Information” under the CPRA (CCPA amendment)

Definition

Under the scope of the California Consumer Privacy Act (CPRA (CCPA amendment)), it is defined as: “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

Types of Personal Information

The CPRA (CCPA amendment) further details that it can include, but is not limited to:

• identifiers such as a real name, postal address, IP address, email address, social security number, driver’s license number, passport number;
• commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
• internet activity information, including browsing and search history;
• biometric information;
• geolocation data;
• professional, educational or employment-related information.

🇨🇦 “Personal Information” under PIPEDA

Definition

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), personal information involves “any factual or subjective information, recorded or not, about an identifiable individual”.

Types of Personal Information

Examples under PIPEDA include:

• age, name, ID numbers, income, ethnic origin, or blood type;
• opinions, evaluations, comments, social status; and
• employee files, credit records, loan records, medical records.

🇦🇺 “Personal Information” under the Australian Privacy Act

Definition

According to the Australian Privacy Act and 13 Privacy Principles (APPs), it means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and
• whether the information or opinion is recorded in a material form or not.

Types of Personal Information

The above definition is quite broad, and can include:

• IP addresses;
• Unique Device Identifiers (UDIDs) such as for a mobile phone or tablet;
• location information may also be covered because it can reveal user activity patterns and habits;
• other unique identifiers in specific circumstances.