Open data and protection of personal data: what does the law provide?

When talking about big data, there are two contradictory reactions: some are amazed at the new innovations that are based on big data while others are concerned about abuse of personal data. How do French and European legal frameworks respond to these new data usages?

Usage of big data has evolved from ‘simple’ data mining to constructing statistical models that are able to make predictions from incomplete data. Whether data is newly produced, collected or made available under specific conditions, at every stage it has potential applications in all areas of daily and economic life.

A discriminatory paradigm shift?

In the field of big data, predictive modeling methods allow phenomenal advances in creating services, but they also pose some serious ethical questions. On one hand, what we try to learn from data is no longer defined a priori but possibly by the data processing itself. On the other hand, these predictions tend to assess individuals not on the basis of their past behaviors but on the probability of their future actions. Thus, issues like discrimination and equal access to aggregated data are emerging.

However, the European and French laws dealing with this subject (Directive 95/46/EC and the Data Protection Act) were drafted before this paradigm shift, and they assume a predefined processing purpose: ‘Data should be adequate, relevant and not excessive in relation to the purposes for which they are transferred or further processed.’

Have any legal safeguards been created since then to ensure rational use of big data?

The European Union addressed this issue in 2015: the European Data Protection Supervisor laid down four principles for the protection of personal data. Any use of data must:

– ensure that privacy is taken into account in the way information systems work. This is called ‘privacy by design’.
– guarantee the transparency of data processing.
– allow natural persons to control their data through the right to data portability and the right to deletion.
– respect the principle of ‘accountability’ by documenting, evaluating and analyzing the impact of data usage.

The European Union Agency for Network and Information Security (ENISA) made recommendations along the same lines in its 2015 report.

Zoom on…personal data

Personal data makes it possible to identify a natural person directly or indirectly. It is protected by the Data Protection Act (category ‘personal data’). Examples: names, addresses, geolocation.
