A recent statement from the Article 29 Working Party, the independent European advisory body on data protection and privacy, comprised of representatives of the national data protection authorities of the EU Member States, the European Data Protection Supervisor and the European Commission, finds that the EU data protection principles, outlined in the EU Data Protection Directive 95/46/EC, are still valid and appropriate for the development and use of big data analysis.
The statement responded to recent calls by stakeholders that certain data protection principles under EU law should be “substantially reviewed” to enable promising developments in big data operations. The Article 29 Working Party Statement, adopted on September 16, 2014, acknowledged that challenges presented by big data might require “innovative thinking” on how to address key data protection principles; but, the protection of personal data remains fundamentally engrained in building trust between companies and consumers.
Key messages from the statement include:
- Although many individual and collective benefits are expected from development of big data,
- the real value of big data still remains to be proven.
- The retention and analysis of huge amounts of personal data in big data environments require particular attention and care.
- Complying with the application of purpose limitation and data minimization (see InsidePrivacy, Article 29 Working Party Releases New Opinion on Purpose Limitation, April 15, 2013) is key to creating and keeping the trust of users. The Working Party also refers to its Opinion on Anonymisation techniques and its Opinion on Legitimate Interest, discussed in InsidePrivacy, European Regulators Set Out Data Anonymization Standards, April 23, 2014, and InsidePrivacy, European Data Protection Regulators Clarify the Scope of the Balancing Test Required for Reliance on the “Legitimate Interests” Ground for Data Processing, April 29, 2014).
- Investment in privacy-friendly solutions is essential to ensure fair competition between economic players on the relevant markets.
- International cooperation among regulators is needed to ensure data protection rules are respected and enforced.
The statement is in line with other opinions that compliance with the data protection principles for big data operations is as relevant as before (see, for instance, the recent Opinion of the International Working Group on Data Protection in Telecommunications, discussed in InsidePrivacy, Big Data Analysis is Possible Without Infringing Key Privacy Principles, Says International Working Group, September 15, 2014).