Incompatible: The GDPR in the Age of Big Data

26 Pages Posted: 22 Aug 2017  

Tal Zarsky

University of Haifa - Faculty of Law

Date Written: August 8, 2017

Abstract

After years of drafting and negotiations, the EU finally passed the General Data Protection Regulation (GDPR). The GDPR’s impact will, most likely, be profound. Among the challenges data protection law faces in the digital age, the emergence of Big Data is perhaps the greatest. Indeed, Big Data analysis carries both hope and potential harm to the individuals whose data is analyzed, as well as other individuals indirectly affected by such analyses. These novel developments call for both conceptual and practical changes in the current legal setting.

Unfortunately, the GDPR fails to properly address the surge in Big Data practices. The GDPR’s provisions are — to borrow a key term used throughout EU data protection regulation — incompatible with the data environment that the availability of Big Data generates. Such incompatibility is destined to render many of the GDPR’s provisions quickly irrelevant. Alternatively, the GDPR’s enactment could substantially alter the way Big Data analysis is conducted, transferring it to one that is suboptimal and inefficient. It will do so while stalling innovation in Europe and limiting utility to European citizens, while not necessarily providing such citizens with greater privacy protection.

After a brief introduction (Part I), Part II quickly defines Big Data and its relevance to EU data protection law. Part III addresses four central concepts of EU data protection law as manifested in the GDPR: Purpose Specification, Data Minimization, Automated Decisions and Special Categories. It thereafter proceeds to demonstrate that the treatment of every one of these concepts in the GDPR is lacking and in fact incompatible with the prospects of Big Data analysis. Part IV concludes by discussing the aggregated effect of such incompatibilities on regulated entities, the EU, and society in general.

Keywords: Big Data, GPDR, Privacy, Data Protection, Automated Decisions, Purpose Specification, Data Minimization

Suggested Citation

Zarsky, Tal, Incompatible: The GDPR in the Age of Big Data (August 8, 2017). Seton Hall Law Review, Vol. 47, No. 4(2), 2017. Available at SSRN: https://ssrn.com/abstract=3022646

Tal Zarsky (Contact Author)

University of Haifa - Faculty of Law ( email )

Mount Carmel
Haifa, 31905
Israel

Register to save articles to
your library

Register

Paper statistics

Downloads
972
rank
20,568
Abstract Views
2,880
PlumX