personal data;
pseudonymised data (a personal connection can be restored);
anonymised data (a personal connection cannot be restored);
non-personal data (data for products and machines);
publicly available data.
For personal data the general data protection regulation (GDPR) applies within the European Union:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Because of the lex loci solutionis this is also covers companies which are not located in the EU but which offer products or services in the European Union. This regulation also applies to ‘Industry 4.0’ applications with which personal data is deliberately processed (e.g. when evaluating customer behaviour with big data applications).
Note: When processing pseudonymised or anonymised data you must ensure that the personal contact cannot be restored by the processor, otherwise the general data protection regulation applies.
The general data protection regulation forms the data protection perimeter for personal data in the European Union, together with the directive for data protection in the police and justice sectors:
DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA
Non-personal data (data for products and machines) is also subject to an EU regulation when it comes to its distribution:
REGULATION (EU) 2018/1807 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 November 2018 on a framework for the free flow of non-personal data in the European Union
This regulation aims at safeguarding the free flow of data that is non-personal within the European Union. By now this kind of data is also viewed as an economic asset, but that does not mean that property rights and intellectual property rights are generally applicable to this data. Rather the rights to use the data, in other words its processing, are left to contracts drafted by the market players.
Publicly available data, in other words data that public bodies, within the sovereign fulfilment of their duties, survey, collect, evaluate, process or are informed of, as well as data in the ownership of public authorities and companies, can also be of interest for companies or natural people.
Two EU directives are relevant for its continued use:
DIRECTIVE 2013/37/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 26 June 2013 amending Directive 2003/98/EC on the re-use of public sector information
DIRECTIVE (EU) 2019/1024 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 June 2019 on open data and the re-use of public sector information
The first directive is already legally binding. The second directive must be implemented into national law by the EU member states by 17 June 2021 at the latest.
Both directives ensure that the continued use of publicly available data is possible and supported, thereby generating incentives for the development of new products and services