Data Protection Day 2026: When is Data personal? The debate renewed by EDPS v SRB (C-413/23 P)

28 January 2026

On 4 September 2025, the Court of Justice of the European Union delivered a pivotal judgment in Case C-413/23 EDPS v SRB, prompting the data protection community to take a fresh look at key concepts in EU data protection law. The Court clarified three crucial issues central to the interpretation of data protection law: that personal opinions are inherently personal data; that pseudonymised data do not necessarily qualify as personal data in all cases and for everyone; and that the controller’s transparency obligations remain even when sharing data that have undergone pseudonymisation.

Building on this court decision, the European Commission laid down a proposal on 19 November 2025 to change the very definition of personal data. This panel will unpack the implications of the judgment for data controllers, regulators and data protection professionals. The discussion will also explore whether the proposed new definition of personal data aligns with existing case law on the distinction between personal and non-personal data in the EU’s data protection landscape.

If pseudonymous data are not always personal data for everyone, how can the controller assess in practice the likelihood that a recipient could identify a data subject?
And what threshold of identifiability should be applied - does it require naming a person, or merely distinguishing them within a group?
How should organisations adapt their transparency practices in light of this nuanced approach to personal data?
Is the Court’s reasoning on the obligation to inform applicable also to broader compliance duties under the GDPR?
And, finally, does the judgment really change everything to the point that it was necessary to touch upon the core premise of data protection: the concept of personal data?

Moderator: Thomas Zerdick, Acting Secretary-General of the European Data Protection Supervisor

Speakers:

Prof. Anna Berlee, Open Universiteit, Amsterdam
Maarten Daman, Data Protection Officer, European Central Bank
Daniele Nardi, Legal Service Officer, European Data Protection Supervisor

+ View more news

News

Happy Data Protection Day 2026!

28 January 2026

Every year on 28 January, we celebrate Data Protection Day. This date marks the anniversary of the Council of Europe’s Convention 108, the first binding international law securing individuals' rights to protection of their personal data.

Towards a Digital Clearinghouse 2.0

27 January 2026

The EDPS invites you to the Digital Clearinghouse 2.0 on the 27th of January 2026 in the Charlemagne building of the European Commission in Brussels.

Read the speech by Supervisor

Watch it

EDPB-EDPS Joint Press Release

21 January 2026

EDPB and EDPS support streamlining AI Act implementation but call for stronger safeguards to protect fundamental rights.

Read the Joint Opinion

Read the Joint Press release

+ View full agenda

Agenda

4 February 2026 - 5 February 2026

18th Meeting of the Joint Parliamentary Scrutiny Group (JPSG) on Europol, Participation of Wojciech Wiewiórowski, Nicosia, Cyprus

29 January 2026

"Beyond the Hype: Thinking Critically about AI in Healthcare", Participation by Wojciech Wiewiórowski at event organised by Yale Digital Ethics Centre, Brussels, Belgium

28 January 2026

Thomas Zerdick, EDPS Acting Secretary General, taking part in dinner with Mr Chris Lehane, OpenAI's Chief Global Affairs Office, Brussels, Belgium

28 January 2026

"Connecting Continents: A Strategic Vision for the EU and Japan to collaborate in the Digital Identity Space", Speech by Thomas Zerdick, Acting EDPS Secretary General (video recording), Tokyo, Japan

28 January 2026

"Data Protection Day 2026: Reset or refine?", Opening remarks by Wojciech Wiewiórowski at event organised by the EDPS and Council of Europe on the occasion of Data Protection Day, Brussels, Belgium