Geo data – support for researchers

3. Description of the Categories of Personal Data

Summary: The aim of this description is to describe all types of personal data that is processed by the activities of the project. This is necessary to demonstrate that each type of processed data is indeed necessary to reach the goal of the project, and that only a justifiable minimum amount of personal data is processed.

Step 3 describes the types of data collected from data subjects described in step 2, also describing the specific purpose each one fulfils. Whereas the general purpose of the project has been already explained in step 1, these descriptions now describe each type of processed data, and will explain why each one of them is needed – to provide their specific purposes. In addition, these descriptions provide an idea of the possible risks associated with them – risks that are then described and assessed in Step 11 of the Privacy Scan.

As it is described here, personal data covers everything linked or related to individuals, so the list of personal data should include not only directly identifiable information like name, address, email, etc., it should also include indirect identifiers like demographic information, opinions, knowledge, professional or academic interests, etc.

Data is listed as categories – the type of data is described, not the content of it. Data descriptions that have the same justification are listed together, and any additional comments are listed too as necessary. When possible, it is advisable to provide access to the questions/topic guide/script used to collect data, as these provide a more accurate picture of the nature of collected data.

Special categories of personal data

Special categories of personal data include the following types of data: Racial or ethnic origin; Political opinions; Religious or philosophical beliefs; Trade union membership; Genetic data; Biometric data for the purpose of uniquely identifying a person; Health data; Data about sexual behavior or sexual orientation. If the processing activity intends to process these special categories of personal data, ensure this is clearly stated in the data description.

This type of personal data is in principle prohibited to process, unless one of the GDPR Art. 9(2) exceptions apply. The applicability of these exceptions is later addressed in Step 7 of the Privacy Scan.

An example of a description of data collected for interviews may look like this:

Description Justification Comments
Name, email address Necessary to invite and to arrange interview appointment Name & email is processed independently of interview transcripts. Participants are identified by pseudonyms
Participant number Identify participant’s data within the project research dataset Name – pseudonym reidentification link table is maintained while interviews are ongoing
Age, nationality, gender Necessary to provide context to the participant’s responses, including experiences of aggression or exclusion. Age brackets are used. Nationality collected by multiple choice.  Gender is likely a special category of personal data
Home address Necessary to link a participant to a specific geographical region. Only the four digit postcode is used
Opinions and experiences on sustainable mobility Necessary to collect participants views on the study topic. Interview guide is available in the project’s shared folder (link to document)
Interview audio & transcript Necessary to maintain the integrity of the interview’s content

Previous: Description of Data Subjects | Next: Description of the Processing of Personal Data