Data Privacy Glossary

Knowing the key terms of data privacy jargon is the starting point for becoming compliant. Scroll through the terms and learn the new language.

CCPA

AGGREGATE CONSUMER INFORMATION

Information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device. Aggregate consumer information does not mean one or more individual consumer records that have been de-identified.

BUSINESS PURPOSE

The use of personal information for the business’ or a service provider’s operational purposes, or other notified purposes, provided that the use of personal information shall be reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or processed or for another operational purpose that is compatible with the context in which the personal information was collected.

CONSUMER

A natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier.

DEIDENTIFIED INFORMATION

Information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer.

INFERENCE

The derivation of information, data, assumptions, or conclusions from facts, evidence, or another source of information or data.

PERSONAL DATA BREACH

A breach of security that caused accidental or intentional loss, destruction, disclosure or access to processed or transmitted personal data.

PROBABILISTIC IDENTIFIER

The identification of a consumer or a device to a degree of certainty of more probable than not based on any categories of personal information included in, or similar to, the categories enumerated in the definition of personal information.

SALE

“Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.

UNIQUE IDENTIFIER

A persistent identifier that can be used to recognise a consumer, a family, or a device that is linked to a consumer or family, over time and across different services, including, but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device.

BIOMETRIC DATA

Personal data that resulted from specific processing related to physical and behavioural features of a person, which allows the identification of that person.

CONSENT

The informed, unambiguous and freely given permission from the data subject to have data relating to him or her processed.

DESIGNATED METHODS FOR SUBMITTING REQUESTS

A mailing address, email address, Internet Web page, Internet Web portal, toll-free telephone number, or other applicable contact information, whereby consumers may submit a request or direction under this title, and any new, consumer-friendly means of contacting a business, as approved by the Attorney General pursuant to Section 1798.185.

INTERNATIONAL ORGANISATION

An organisation and its subordinate bodies regulated by public international law, or a body established based on an agreement between at least two countries.

PERSONAL DATA

Any information related to an identified or identifiable data subject (natural person).

PSEUDONYMISING

Also referred to as pseudonymization: the processing of personal data so that the data can no longer be attributed to a specific data subject.

SERVICE PROVIDER

A sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that processes information on behalf of a business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract, provided that the contract prohibits the entity receiving the information from retaining, using, or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the contract for the business, or as otherwise permitted by this title, including retaining, using, or disclosing the personal information for a commercial purpose other than providing the services specified in the contract with the business.

THIRD PARTY

A natural or legal person that is not the controller or the processor, but who is authorized by them to process personal data.

VERIFIABLE CONSUMER REQUEST

A request that is made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a natural person or a person registered with the Secretary of State, authorized by the consumer to act on the consumer’s behalf, and that the business can reasonably verify, pursuant to regulations adopted by the Attorney General pursuant to paragraph (7) of subdivision (a) of Section 1798.185 to be the consumer about whom the business has collected personal information.

GDPR

BINDING CORPORATE RULES

The set of internal rules adopted by multinational companies to define their global policies on international data transfers within the same corporate group towards countries that don’t share the same level of protection.

CONSENT

The informed, unambiguous and freely given permission from the data subject to have data relating to him or her processed.

CROSS BORDER PROCESSING

Processing of personal data when the controller or processor is established in more than one Member State and the data processing takes place in more than one Member State, or processing activities that take place in a single establishment in the Union but that affect data subjects from more than one Member State.

ENTERPRISE

Natural or legal person who performs an economic activity, regardless of the legal form, including associations and partnerships.

GROUP OF UNDERTAKINGS

A group formed by the controlling undertaking and its controlled undertakings.

INTERNATIONAL ORGANISATION

An organisation and its subordinate bodies regulated by public international law, or a body established based on an agreement between at least two countries.

PERSONAL DATA

Any information related to an identified or identifiable data subject (natural person).

PROCESSOR

The natural or legal person, public authority or other body which processes data on behalf of the controller.

PSEUDONYMISING

Also referred to as pseudonymization: the processing of personal data so that the data can no longer be attributed to a specific data subject.

RELEVANT AND REASONED OBJECTION

An objection regarding whether there exists an infringement of the Regulation or not, or whether the agreed action in relation to the controller or processor is in conformity with the Regulation.

RESTRICTION OF PROCESSING

Restriction of processing is the marking of stored personal data in order to restrict its processing in the future.

THIRD PARTY

A natural or legal person that is not the controller or the processor, but who is authorized by them to process personal data.

BIOMETRIC DATA

Personal data that resulted from specific processing related to physical and behavioural features of a person, which allows the identification of that person.

CONTROLLER

The natural or legal person, public authority or other body which establishes the purpose and method of data processing, alone or together with other actors.

DATA CONCERNING HEALTH

Personal data referring to the personal mental and physical health of a person, including information on health services accessed.

GENETIC DATA

Data related to a natural person’s genetic characteristics, whether inherent or acquired, which offers information about the mental or physical health of that person.

INFORMATION SOCIETY SERVICE

A service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council.

MAIN ESTABLISHMENT

For controllers with establishments in more than one Member State, it is the central administration place in the Union, unless the processing decisions are taken in another establishment which in this case will be considered the main establishment. For processors with establishments in more than one Member State, it is the central administration place in the Union, unless the processor doesn’t have a central administration, in which case the main establishment will be the place where the main processing activities are performed.

PERSONAL DATA BREACH

A breach of security that caused accidental or intentional loss, destruction, disclosure or access to processed or transmitted personal data.

PROFILING

Any automated processing that uses personal data to evaluate personal aspects and predict future actions and aspects.

RECIPIENT

A recipient is a natural or legal person, public authority or other body to which personal data is disclosed.

REPRESENTATIVE

A natural or legal person established in the EU, appointed by the data processor or controller to represent them with respect to the obligations under the regulation.

SUPERVISORY AUTHORITY

An independent public authority established by an EU Member State in accordance with Article 51.

UNIQUE IDENTIFIER

A persistent identifier that can be used to recognise a consumer, a family, or a device that is linked to a consumer or family, over time and across different services, including, but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device.