پژوهش های حقوق تطبیقی (Dec 2023)
Comparative Studying the Personal Data in the European Union and Iranian Legal System
Abstract
Personal data, as one of the key concepts in the field of personal data protection legislation, is defined in the General Data Protection Regulation as any information relating to an identified or identifiable natural person. Identifying a person directly or indirectly may be through data content or the purpose of data processing or the effect of data processing on the person. In EU law, to determine whether a natural person can be identified through data processing, all means that are reasonably likely to be used by the controller or processor must be taken into account, and to ensure whether there is a reasonable possibility to determine whether a natural person is present or not, all objective factors must be considered, such as the cost and time required for identification and the technology available at the time of processing. Based on the criterion of identifiability, data that may potentially lead to the identification of a person in the future is also covered by the law; such a standard can create the necessary dynamics in the laws. Iran's legislator has differentiated in the protection of private and non-private data and has limited compliance with processing rules to the first category, but the approach of the draft data protection bill has similarities with European Union and has provided broader protection, however, it needs to be amended by adding the criterion of identification to the legal definition, as well as the protection of the data of the deceased.
