Data from “human-distant” sensor systems mainly concern environmental conditions and occurrences and does not include information on natural persons. As far as and as long as no personal information is available, data protection law does not apply. Non-personal data may, however, become personal if the processor gains new knowledge, e.g., by accumulating more data or through new analytic methods (e.g. Big Data).
Non-personal data may be collected, processed and used without limitations. If, however, data is being processed without reference to an individual but this reference is established subsequently, not only one single piece of information but rather a whole lot of information may become personal information all at once. Many protective measures provided in data protection law (e.g. transparence, purpose binding and necessity of data processing) cannot be effectively implemented at this stage any more. This “late” referencing of originally non-personal masses of data to individuals, therefore holds high risks for realization of Informational Self-Determination and its protective programme. Thus, non-personal data with relevant risks should be subject to cautionary measures.
Research in C.2 will be focused on determining how relevant and irrelevant risks of non-personal data from “human-distant” sensor systems may be distinguished, on analyzing how this (yet) non-personal data should be handled and how situations should be handled, where non-personal data subsequently becomes personal data. These research objectives will be achieved by a very close cooperation of legal researchers and computer scientists.
