Personal Data

Personal data includes names, addresses, phone numbers, email addresses, and photos that identify specific individuals. Japan's APPI includes information that can identify individuals through cross-referencing. The EU's GDPR extends further to IP addresses and cookie identifiers.

QR codes intersect with personal data in multiple ways. First, QR codes may directly contain personal data - vCard QR codes include names, phone numbers, and emails; medical QR codes may store patient IDs. Since anyone who scans these codes can read the contents, the scope of stored information requires careful design.

Second, dynamic QR code scan logs record timestamps, IP addresses, device information, and location data. Combined, these can estimate individual behavior patterns, requiring compliance with data protection laws.

Practical measures include minimizing personal data in QR codes, encrypting sensitive information, defining log retention periods and purposes, and disclosing data collection in privacy policies. Encrypted QR codes like SQRC, which control read permissions, are suited for personal data applications.