Over on the always-impressive HawkTalk blog, Chris Pounder of Amberhawk writes:
In a 215 page report, the European Parliament has suggested 350 Amendments to the text of the Data Protection Regulation published last year. This blog gives you an impression of those proposed changes that caught my eye on a “speed read” of the Report (produced by Jan Albrecht, the rapporteur for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs).
I think the most important proposal is the fettering of the European Commission’s powers. In many instances, many powers found in the Regulation are amended to involve the European Data Protection Board of Data Protection Commissioners (the Regulation’s formal structure for what we now call the Working Party 29 Group of Commissioners).
[…]
The Report has introduced the concept of a not quite personal data; a ‘pseudonym’; I am not sure of the consequences. A ‘pseudonym’ is a “unique identifier which is specific to one given context and which does not permit the direct identification of a natural person, but allows the singling out of a data subject”.
The Report then states that “For the use of pseudonymous data, there could be alleviations with regard to obligations for the data controller undertaking the processing (e.g where personal data are processed only in the form of pseudonyms, consent may be given by automated means)”.
I am not convinced the concept works also and I think it needs a definition of “pseudonymous data” which also considers what other information the data controller has. For instance, suppose I know that mickey.mouse@hotmail.com is really Fred Bloggs. The mickey.mouse email address is pseudonymous data as it does not “not permit the direct identification of a natural person”; but I know who it is.
Read more on HawkTalk