Big Data Analytics Under the EU General Data Protection Regulation
This paper has been first published in Dutch by SDU Uitgevers in 2017 as Chapter 3 “Big data en het gegevensbeschermingsrecht”, in: “Big data en het recht. Een overzicht van het juridisch kader voor big data toepassingen in de private sector, Reeks Monografieën Recht en Informatietechnologie.
38 Pages Posted: 26 Jul 2017
Date Written: May 21, 2017
The authors outline the impact on individuals and society as a whole of innovative big data applications by the private sector. Wherever data are gathered concerning potential behavior and actions of individuals, it becomes possible to influence the behavior not only of the relevant individuals, but also of whole groups of the population. This is where the issue of privacy becomes relevant to societal inclusion and exclusion, and the potential for discrimination. The values that could potentially be compromised are the protection of personal autonomy, freedom of choice, self-identity, and the unimpeded flow of information and ideas as the basis for self-development. And these rights and freedoms are, in turn, instrumental to the proper functioning of our democratic society. The authors point out that the outcome of the discussion on these subjects cannot be separated from assessment of the legitimacy of personal data processing. Personal data are first processed, which involves profiling individuals, and decisions are taken on that basis which can have a discriminatory or otherwise negative impact on the individuals. Consequently, the right to privacy is a gateway for the protection of other fundamental rights and freedoms of the individual and, by extension, for our democratic society. Hence, in the absence of political and societal debate of the desired outcome of big data developments, a careful assessment of the legitimacy of the relevant processing of personal data also becomes problematic. Against this background, the authors outline and give a detailed analysis of the framework for profiling of individuals under the upcoming EU General Data Protection Regulation. In identifying and assessing the impact of big data analysis and profiling on the privacy of individuals, the authors classify the big data analytics activities of the private sector into three categories (i.e. business intelligence, targeted marketing and targeted decision-making), each of which has a different impact on privacy and different consequences for individuals and is therefore subject to a different regime. Authors further distinguish the differences in impact on individuals depending on the (i) various ways to employ the discovered correlations and predictions; (ii) the variety of means by which to make individuals identifiable and (ii) the different types of information obtained about them. These distinctions are relevant for the applicable legal framework, since they affect the position and privacy and other rights of individuals in different ways. The paper concludes with setting out the practical guidelines for application of big data analytics (including profiling).
Keywords: GDPR, big data, profiling
Suggested Citation: Suggested Citation