According to the law, personal data means any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number (e.g. social security number) or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (e.g. name and first name, date of birth, biometrics data, fingerprints, DNA…)
To define personal data, account must be taken of all the means available to the “data controller” to determine whether a person is identifiable.
Personal data are any anonymous data that can be double checked to identify a specific individual (e.g. fingerprints, DNA, or information such as “the son of the doctor living at 11 Belleville St. in Montpellier does not perform well at school”).
Information and communication technology generate a growing amount of increasingly accurate data about us (credit card payment, calls made from a cell phone allowing to identify with a 430 yards accuracy the place where the caller is, an internet connection)
Personal data represent a great deal of commercial worth. As a result they are increasingly sought after : files are bought and sold, commercial groups may be tempted to identify and group in one file “good clients” of each of their subsidiaries, or “bad clients”.
The “traces” left by IT uses are increasingly easy to exploit, due to software improvements (e.g. internet search engine technology, or data “searching” software).
Personal data can be data that are not associated with the name of a person but can easily be used to identify him or her and to know his/her habits and tastes.
(For instance “the holder of line number 01 53 73 22 00 often makes calls to Senegal”, or “the owner of vehicle 3636AB75 subscribes to such and such magazine” or “social insurance beneficiary 1600530189196 sees the doctor more than once a month”.)