Which of the following can be classified as non-personal data under GDPR?

The classification of non-personal data under GDPR specifically relates to data that cannot be linked to an individual in a way that identifies them. Datasets that are aggregated and anonymized fit this definition perfectly, as they have been processed in such a way that the individual identities of the data subjects cannot be re-identified or discerned. This distinction is critical in privacy regulations because once data is anonymized, it falls outside the scope of data protection laws like the GDPR.

In contrast, anonymous browsing history, while anonymized, can sometimes still hold traces or information that could allow for a user to be identified through other means, depending on the context. Any data collected from users would typically be considered personal data since it relates directly to individuals. Cookies tracking individual activity collect personal information about users' online behavior, making them personal data as well under GDPR. Thus, the aggregation and anonymization of datasets effectively removes individual identifiers, allowing them to be classified as non-personal data.