The Condition of Considering the Data Personal in CyberspaceComparative Review of European General Data Protection Regulation and Iranian law

Personal data is a piece of information about the privacy of individuals and is protected by lawmakers as a right to privacy. On the other hand, protecting users against the actions of data processing companies and the risks that may threaten the integrity and confidentiality of their personal data, requires familiarity with the characteristics of this particular type of data. The present study, using descriptive analytical method, tries to examine the text of the EU General Data Protection Regulation document as well as Iranian legal documents such as the Electronic Commerce Law of the Islamic Republic of Iran, Iranian electronic crime law and the draft bill on personal data protection, to explain the distinguishing features of personal data from other types of data in cyberspace. Finally, the findings of the present study indicate that personal data are necessarily related to the natural person and the common point which is observed in all types and instances of personal data, is the identifiability of data, thus if the identity of the data subject (and not other persons) can be accessed, either directly or indirectly, using conventional and logical data processing tools and devices, the data will be considered personal.