• EN - English
  • SK - slovenčina
Parliamentary question - E-007174/2017(ASW)Parliamentary question

Answer given by Ms Jourová on behalf of the Commission

As recalled by the Honourable Member, the definition of personal data in Article 4(1) of the General Data Protection Regulation (GDPR)[1] is broad as it encompasses any information relating to an identified or identifiable natural person. To determine whether an e-mail address constitutes personal data it must be assessed whether the e-mail address relates to a natural person, either identified or identifiable, notably in view of all the means reasonably likely to be used by the controller or by another person to identify the natural person.[2]

Where an e-mail address uses direct identifiers of an individual (e.g. johnsmith@gmail.com), it is personal data falling within the scope of GDPR. In the absence of direct identifiers, an e-mail address may also constitute personal data when combined with other data (e.g. an address or date of birth) it relates to an individual.

Recital 14 of the GDPR clarifies that the regulation does not apply to the processing of personal data which concerns legal persons, including the name and the form of the legal person and the contact details of the legal person. An e-mail address of a legal person such as ikeacontact@ikea.com would not fall within the scope of the regulation. However, personal data of employees of the legal person, including their professional e-mail addresses, would fall within the scope of the regulation (e.g. johnsmith@ikea.sk).

The processing by a company of an e-mail address such as flower234@gmail.com which can, with other data in its possession, be related to a natural person falls under the GDPR and such e-mail address can only be disclosed to third parties in accordance with data protection rules. The ePrivacy Directive sets forth additional rules for sending marketing material to e-mail addresses.[3]

Last updated: 7 June 2018
Legal notice - Privacy policy