Big Data Analysis is Possible Without Infringing Key Privacy Principles, Says International Working Group
Monday, September 15, 2014
big Data and privacy
Print Mail Download i

“Data is everywhere. The amount of data on the global level is growing by 50 percent annually. 90 [percent] of the world’s data has been generated within the past two years alone,” explains the International Working Group on Data Protection in Telecommunications in their Opinion of May 6, 2014, titled, “Working Paper on Big Data and Privacy: Privacy principles under pressure in the age of Big Data analytics“. The Working Group, founded in 1983, has adopted numerous recommendations and since the beginning of the 90s focused on the protection on privacy on the Internet. Its members include representatives from data protection authorities and other bodies of national public administrations, international organizations and scientists from all over the world.

Big Data is a hot topic on both sides of the Atlantic, not only for the press, but also for regulators (see, for instance, the FTC Big Data & Discrimination Workshop, the European Commission’s recent Communication “Towards a thriving data-driven economy”, the PCAST’s Big Data report and the White House Big Data Report). The afore-mentioned Working Paper adds to the chorus of concerns that have been raised in relation to Big Data and Privacy, but concludes with a positive note: “It is possible to make use of this type of [Big Data] analysis without infringing on key privacy principles.”

The Working Paper:

  • outlines the Big Data value chain, which includes data collection, storage and aggregation, correlation and analysis, as well as usage;

  • highlights the privacy challenges associated with Big Data; and

  • provides a number of recommendations how Big Data may be used in ways that will respect privacy.

The Privacy Implications of Big Data

The Working Group outlines key privacy challenges posed by the use of Big Data, including:

  • Use of data for new purposes: The reuse of data for purposes other than originally intended puts the principle of purpose limitation under pressure. Enterprises must ensure that the analysis is compatible with the original purpose for collecting data, taking into consideration the natural expectation of the individuals concerned, explains the Working Group.

  • Data maximization: “In essence, Big Data is the very antithesis of the privacy principles of relevance and data minimisation.” In the Working Group’s view, it will become more difficult to enforce the obligation to erase data, as private companies and public authorities may want to keep data which may prove valuable at some point in time.

  • Lack of transparency: The Working Group identifies a lack of openness which also makes it difficult for individuals to exercise their right of access.

In addition, the Working Party considers a number of other privacy implications, some of which are considered to go beyond mere privacy concerns, such as the fact that the compilation of data may uncover sensitive information; the risk of re-identification, security implications; risks related to the use of incorrect data; power imbalance; data determinism and discrimination; a chilling effect on citizens and society at large; and the creation of echo chambers or filter bubbles.

Recommendations:

The Working Group lays out an array of recommendations regarding how Big Data may be used in ways that will respect the privacy of each individual, in particular:

  • Consent: The Working Group stresses the importance of meaningful consent in connection with the use of personal data for analysis and profiling purposes. Whilst it acknowledges that processing may also be possible without consent “within carefully balanced limits“, the Working Group highlights the particular challenges associated with the use of the ‘legitimate interest’ criterion as an alternative legal ground for data processing for Big Data purposes.

  • Anonymization: The risk of re-identification has been a theme throughout the Working Paper. The Working Group distinguishes anonymous data from pseudonymized data – only the former fall out of the scope of data protection legislation. Anonymization, which is increasingly challenging, may help alleviating or eliminating the privacy risks, provided it is engineered appropriately.

  • Transparency: The Working Group supports greater transparency and control from collection to the use of data. Each individual should have access to his or her profile, including information on which algorithms have been used, and information should be provided in a clear and understandable format. The Working Group is also supportive of the idea of data portability which has also been put forward by the European Commission in its proposal for a General Data Protection Regulation. Individuals should receive all data about themselves in a user-friendly, portable and machine-readable format where appropriate. The Working Paper also promotes enhanced knowledge and awareness, for instance, through training and courses taught at universities and colleges.

  • Privacy by Design and Accountability: The use of Big Data technologies should be based on the seven principles of Privacy by Design. Privacy Impact Assessments are mentioned as a helpful tool. Moreover, data controllers need to demonstrate that they are being accountable. They should conduct regular controls to ensure that decisions resulting from the profiling are responsible, fair, ethical and compatible with the purpose for which the profiles are being used.

© 2024 Covington & Burling LLP

Current Legal Analysis

More from Covington & Burling LLP

Standing Issues in Data Breach Litigation: An Overview
by: Priscilla Fasoro , Lauren Wiseman
Financial Agencies Release Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing
by: Lucille C. Bartholomew
Senate Confirms Kraninger as BCFP Director
by: Luis Urbina
FTC Solicits Public Comment on Identity Theft Detection Rules
by: S. Burr Eckstut
Significant FDA Digital Health Policy Development for Prescription Drug Sponsors
by: Mingham Ji , Christina G. Kuhn
First Significant Pay-to-Play Legislation for the District of Columbia Approved by D.C. Council
by: Kevin Glandon
FTC Settles with PR Firm and Publisher Over Social Media Endorsements
by: Inside Privacy Blog at Covington and Burling
Senate Testimony Highlights Tensions in BSA/AML Reform Efforts as Lawmakers Consider Bipartisan Legislation
by: Sam Adriance
Reprieve in U.S.-China Trade Tensions: U.S. Tariffs on $200 Billion in Chinese Imports to Stay at 10 Percent for 90 Days; China to Purchase U.S. Goods
by: Christopher Adams , John Veroneau
AI Update: FCC Hosts Inaugural Forum on Artificial Intelligence
by: Thomas Parisi

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins