“Big Data” is a technical expression. It refers to a set of data so large or complex that it is impossible to process or analyze in a reasonable time using available resources. The number of Big Data projects is rapidly growing, keeping pace with the exponential growth of data worldwide. The growth is also fuelled by the diminishing price of computer hardware, software and services like cloud computing.
Companies are more and more interested in processing Big Data in order to mine its economic value. Extracting the underlying information and/or correlations promises to bring some return, in the form of increased profits or lower production costs.
While people happily give out vast amount of information via social networks (Facebook, Twitter, etc.), there are many other large data sets that are collected without a person being aware – e.g. GPS localization data, radio-frequency identification (RFID) tags, logs from web pages or various databases (containing client, employee or transaction data).
But processing Big Data raises some concerns, particularly in relation to data protection, privacy and database copyright. We look at these in turn from the perspective of Czech law.
In most cases the data processed and analysed in Big Data projects is anonymous. However, if the data set includes personal data, it must be treated in accordance with the Czech Act No. 101/2000 Coll. on Personal Data Protection, as amended, which implemented EU Directive 95/46/EC. The current legal framework is based, inter alia, on the following principles (i) data quality (e.g. purpose limitation, accuracy and completeness), (ii) consent, (iii) transparency, (iv) access and rectification, and (v) security.
Many of these principles are likely to be circumvented during the analysis of Big Data, such as transparency, data minimization and consent, especially since data subjects will most often not be aware that their personal data is being processed.
In order to keep up with technological developments, the European Commission has published the draft of a new EU regulation intended to replace the current legal framework. It introduces new rights, such as the right to be forgotten, the right to data portability, privacy by design and privacy by default. It also strengthens the existing rights of data subjects – e.g. data profiling. However, the enforceability of these new concepts may be questionable, as it presupposes data subjects’ awareness of the processing of their personal data.
The protection of privacy is another issue to be considered with the processing of Big Data. Under Czech law, every person has the right to the protection of his or her privacy, name, personality and means of personal expression. Privacy protection is usually associated with the protection of personal data, but it is conceivable that privacy issues may arise even if personal data is processed in accordance with the law, and vice versa. Anonymized data that cannot be de-anonymized should not raise any concerns.
Some data sets – databases – analysed within Big Data may, if they meet certain conditions, fall under the protection of the Czech Copyright Act. Thus, when analysing Big Data, a company should determine whether there are any such database(s) and the scope of rights it holds or should acquire in order to legally operate it.
In addition to the above concerns, many will want to take a closer look at how the information resulting from big data analysis is used. While it may result in more cost-effective business strategies and ultimate savings for consumers – assuming the costs of analysis are not excessive – there may be a temptation to use the results selectively to deprive certain groups access to a product or service (e.g. insurance, banking).
Big Data is still a new phenomenon and as such, requires careful consideration.