The concept of personal data - any information relating to an identified or identifiable natural person - is a cornerstone of the European data protection framework since its very inception. The processing of personal data is a conditio sine qua non for the applicability of EU data protection law. Despite the crucial importance of the notion, the boundaries of the concept are often blurry. Ascertaining whether data is personal frequently depends on each individual processing's concrete context and characteristics. As a result of the contextual and relative character of the notion of personal data, in cases dealing with indirect identifiability, much is left to the discretion of the interpreter.

European doctrine and jurisprudence favour an expansive interpretation of the notion of personal data. In particular, the identifiability threshold is seen as very low; at the same time, the ways in which the information can be said to be relating to a natural person are manifold. The combination between the low identifiability threshold, and of the wide range of ways to satisfy the requirement for a relational link between data and natural person, leads to an extremely wide material scope for EU data protection legislation. Data protection is thus becoming, it has been argued, 'the law of everything'.

This paper responds to the growing concerns surrounding the perceived over-inclusiveness of the notion of personal data, suggesting a balanced approach to its interpretation. It starts by defining the concept of personal data in EU data protection, taking into account law, doctrine, and jurisprudence. It then delves into the two most crucial elements of the concept of personal data: identifiability, and the connection that must link information and natural person to make the data personal. The paper concludes by providing a balanced reading of the concept of personal data, pleading for a nuanced approach to its interpretation.

This book is about open data, i.e. data that does not have any barriers in the (re)use. Open data aims to optimize access, sharing and using data from a technical, legal, financial, and intellectual perspective. Data increasingly determines the way people live their lives today. Nowadays, we cannot imagine a life without real-time traffic information about our route to work, information of the daily news or information about the local weather. At the same time, citizens themselves now are constantly generating and sharing data and information via many different devices and social media systems. Especially for governments, collection, management, exchange, and use of data and information have always been key tasks, since data is both the primary input to and output of government activities. Also for businesses, non-profit organizations, researchers and various other actors, data and information are essential.

The rationale underlying open data—unfettered technical and legal openness—is logically bound to clash with other rights, freedoms, and interests, when the latter regulate or impede information disclosure. The rights to privacy and to the protection of personal data, in particular, are amongst the starkest and most notable limits to open data. Privacy and data protection are often conflated, the latter misconstrued as a synonym of the former. Albeit historically connected, they are however two distinct fundamental rights within the EU legal framework. Privacy and data protection answer to partly overlapping and yet distinct rationales, each of which clashes with open data for different reasons. This chapter aims at disambiguating the right to privacy from the one to the protection of personal data within the EU fundamental rights framework, underlining the ways in which data protection relates to (and can clash with) the concept of open data.

“Smart city” is a buzzword, highly hyped up and evading a unitary characterisation. Its blurriness is highlighted by the broad array of definitions with which academic and corporate literature have attempted at delineating the notion. This paper derives from the elaboration of several definitions that have been given to the concept of smart city. It maintains that a smart city is, succinctly, the specific set of practices and design choices underlying the instrumentation and digitalisation of the urban environment. Technology, however, is inherently political, and has regulatory capacity. Following the principle of Data Protection by Design, we argue for the conceptualisation of the right to personal data protection as a nonfunctional requirement to be applied to the instrumentation of the built environment – to the so-called smart city. This paper aims at contributing to the delineation of the scope and definition of the notion of smart city and of its driving values. Its goal is to frame the concept of data protection as naturally belonging to the smart city’s teleology – to the stack of values and goals that the smart city concept aims at achieving or safeguarding.