The digitalization of any of our action produces an huge quantity of data. This Big Data comes from multiple sources at an impressive velocity, volume and variety.
Stakeholders are more and more aware of this valuable asset and are very proactive in the production of data and in adopting systems and technologies able to process this data.
In this scenario European data protection rules seem to be a burden or a safeguard, depending on the standpoint.
In fact, to the extent that Big Data may be considered personal data, Directive 95/46/EC (and the applicable implementing laws) applies.
Accordingly principles, such as fairness, purpose limitation and data minimization should be taken into account. Applicable principles and rules are still the same also with reference to the Big Data scenario and, as confirmed by the European Data Protection Supervisor, “fundamentally this is a question of scale“.
The application of the European data protection principles requires that data controllers collect personal data only for specified, explicit and legitimate purposes, and do not further process such data in a way incompatible with those purposes. They also require that personal data must be adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed.
In this regard, it has been argued that the focus should be only on the use of personal data, linking this to the level of risk of harm to individuals.
Nevertheless, as recently confirmed by the Article 29 Data Protection Working Party, there is no need to think that the above mentioned principles are no longer valid and appropriate for the development of Big Data. Furthermore, in opposition to the opinion of certain stakeholders, such principles should be of guidance starting with the collection of data in order to ensure the high level of protection required by the law.
We will see whether a compromise will be found in the framework of the new data protection regulation currently in discussion.
In the meanwhile, a prudent approach by the stakeholders to the creation of Big Data should take into account European data protection principles in order not to preclude the future exploitation of such data. On the other hand, cooperation between local and international regulators with a business oriented view is more than welcome in order to find those creative solutions aimed at protecting the true interests of the data subjects without blocking the development of the digital economy.