A Process-Based Approach to Informational Privacy and the Case of Big Medical Data

20 Theoretical Inquiries in Law 257-290 (2019)

30 Pages Posted: 25 Feb 2018 Last revised: 8 Jan 2019

See all articles by Michael Birnhack

Michael Birnhack

Tel Aviv University - Buchmann Faculty of Law

Date Written: February 25, 2018


Data protection law has a linear logic, in that it purports to trace the lifecycle of personal data from creation to collection, processing, transfer, and ultimately its demise, and to regulate each step so as to promote the data subject’s control thereof. Big data defies this linear logic, in that it decontextualizes data from its original environment and conducts an algorithmic nonlinear mix, match, and mine analysis. Applying data protection law to the processing of big data does not work well, to say the least.

This Article examines the case of big medical data. A survey of emerging research practices indicates that studies either ignore data protection law altogether or assume an ex post position, namely that because they are conducted after the data has already been created in the course of providing medical care, and they use de-identified data, they go under the radar of data protection law. These studies focus on the end-point of the lifecycle of big data: if sufficiently anonymous at publication, the previous steps are overlooked, on the claim that they enjoy immunity. I argue that this answer is too crude.

To portray data protection law in its best light, we should view it as a process-based attempt to equip data subjects with some power to control personal data about them, in all phases of data processing. Such control reflects the underlying justification of data protection law as an implementation of human dignity. The process-based approach fits current legal practices and is justified by reflecting dignitarian conceptions of informational privacy.

Keywords: privacy, data protection, medical data, big data, information ethics, anonymization, research, de-identification, re-identification

Suggested Citation

Birnhack, Michael D., A Process-Based Approach to Informational Privacy and the Case of Big Medical Data (February 25, 2018). 20 Theoretical Inquiries in Law 257-290 (2019), Available at SSRN: https://ssrn.com/abstract=3129588 or http://dx.doi.org/10.2139/ssrn.3129588

Michael D. Birnhack (Contact Author)

Tel Aviv University - Buchmann Faculty of Law ( email )

Ramat Aviv
Tel Aviv, 69978
+972-3-640-6623 (Phone)

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics