BIG DATA & GDPR
Big Data – an extract from contemporary views on GDPR
In HMG and MOD particularly, we used concepts of aggregation to determine our views on how to handle data. We looked at large amounts of data where each record on their own was not particularly sensitive, but given that a large data loss might allow an unlawful recipient to search that data the outcome, or consequence might actually become sensitive. If the search was by association correlating a person with a location and could then be ‘married’ to other sensitive information about the person identified the impact was thought potentially higher. We needed to treat that database not as SECRET but with the same due care and attention as if it was secret. Now with big data, aggregated data and the data science of analytics these associational qualities can be ‘married’ for purposes that do not serve the stated intention for the collection of each record. We need to think about Big Data in the sense of how it can be exploited, ‘wrongfully’ used for profiling by association to provide marketing information. We need to think how the rights of the citizen can be satisfied where back-ups are “somewhere in the cloud”, on Iron Mountain tapes. Can this data be retrieved? Can we be sure that when we delete information on data subject request, we delete all copies and that it cannot reappear through the magic of metadata manipulation? Can we be sure that anonymization or pseudonymising or encryption really work and cannot be ‘undone’?
Big data is "all about seeing and understanding the relation within and among pieces of information that, until very recently, we struggled to fully grasp.” Discovering these new relationships is the work of analytics — the automated processing of data. This central feature of big data faces differing perceptions that produce ambivalence in the General Data Protection Regulation that will affect how big data is used.
On one hand, the European Commission is placing a big bet on big data in its strategy for economic growth. The EU's 2015 Digital Single Market Strategy targets big data as "central to the EU's competitiveness" and a "catalyst for economic growth, innovation and digitisation across all economic sectors [...] and for society as a whole.” On the other hand, use of automated processing — algorithms — touches a deep vein of distrust of computing and data use. As put by the Article 29 Working Party (WP29), "the real value of big data still remains to be proven.” I have copied the arguments read so far into a PDF.