Home >

news Help

Publication Information


Title
Japanese:Privacy Enhancing Technologies in the EU Digital Omnibus Proposal : Clarifying the Role of PETs in the Definition of Personal Data under the GDPR 
English:Privacy Enhancing Technologies in the EU Digital Omnibus Proposal : Clarifying the Role of PETs in the Definition of Personal Data under the GDPR 
Author
Japanese: Kenji Suzuki.  
English: Kenji Suzuki.  
Language English 
Journal/Book name
Japanese:SSRN 
English:SSRN 
Volume, Number, Page        
Published date Feb. 25, 2026 
Publisher
Japanese:ELSEVIER 
English:ELSEVIER 
Conference name
Japanese: 
English: 
Conference site
Japanese: 
English: 
Official URL https://ssrn.com/abstract=6247239
 
Abstract The EU Digital Omnibus Proposal, published by the European Commission on November 19, 2025, aims to simplify the overall EU digital legislative framework and, as part of this effort, proposes amendments to clarify the interpretation of the concept of "personal data" in the General Data Protection Regulation (GDPR). In particular, the proposal introduces a subject-specific and context-dependent assessment of identifiability, under which information does not constitute personal data for an entity that lacks reasonably available means of reidentification. This paper focuses on the judgment of Court of Justice of the European Union (CJEU) in SRB (Case C-413/23 P European Data Protection Supervisor v Single Resolution Board [2025]) as the institutional background of this amendment. While the judgment recognizes that identifiability may depend on the means reasonably available to each entity, it also maintains a controller-based standard for the transparency obligation, thereby separating the assessment of identifiability from the establishment of that obligation. Against this background, this analysis addresses the following research question: how the EU Digital Omnibus Proposal transforms the legal role of privacy enhancing technologies (PETs) from supplementary safeguards into institutional elements that define the scope of personal data under the GDPR. It argues that the proposal repositions PETs as structural components that shape the range of reasonably available re-identification means and thereby influence the scope of application and the activation of obligations under the GDPR. This institutional design suggests a new approach to balancing data protection and data utilization, in which the boundary between personal and non-personal data is constructed through technology-dependent identifiability assessments.

©2007 Institute of Science Tokyo All rights reserved.