Recently the European Data Protection Supervisor, Giovanni Buttarelli, spoke about Big Data and Data Protection in a keynote address in Berlin.
Mr Buttarelli said that the advantages of Big Data should be supported by “an ethical approach to developing technology and related business models”, “reformed legal rules”, “privacy by design” and “enforcement cooperation”.
Mr Buttarelli’s presentation had been preceded by a presentation from Julie Brill, the Federal Trade Commissioner, so Mr Buttarelli built upon the FTC position of mutual cooperation between the US and Europe and was keen to reinforce the bridge that exists between the two continents.
However Mr Buttarelli highlighted some of the risks that Big Data poses to the protection of personal data as follows:
- “Challenges to use control, consent and self-determination of the individuals;
- Difficulty in allocating responsibility in the complex Big Data ecosystem;
- The lack of transparency;
- Re-purposing data, or the risk of using inaccurate data, taken out of context, for incompatible purposes; and
- Potential for unfair discrimination stem from biased conclusions based on correlation versus causation”.
In several places in his presentation Mr Buttarelli focused on “ethics” and “ethical dimension”. This focus on ethics mirrors approaches being taken in other organisations such as the United Nations, the American Bar Association and Tech UK, where the Big Data ecosystem not only needs to be managed by appropriate regulation but more particularly by ethical guidance.
In addition to the focus on ethics Mr Buttarelli also talked about accountability, privacy by design and the rights of individuals within the Big Data ecosystem.
Whilst recently we have seen the UK Information Commissioner himself indicating that consent is not always necessary to legitimise data processing and that in the Big Data ecosystem “legitimate interests” is a solution, Mr Buttarelli made it clear that “there is no justification for blanket exceptions for processing of pseudonymous or anonymised data or for processing publically available data” and further that “there should be no loopholes for processing of data on an excessive interpretation of legitimate interest grounds, and consent should continue to be required where appropriate”.
This approach by Mr Buttarelli signals that there is still a long way to go before a balance can be found between the rights of individuals in relation to their personal data and the needs of government and business to maximise the commercial value of individuals’ personal data.