Ahead of Data Protection Day on 28 January 2017, the Committee of the Council of Europe´s Data Protection Convention, also known as "Convention 108", adopted guidelines on Big Data aiming to assist policy makers and organisations processing personal data to place people at the centre of the digital economy.
The nature of Big Data may make very challenging the application of traditional principles of personal data protection, such as purpose limitation or data minimisation. The guidelines contain a set of recommendations such as:
- Any Big Data processing of personal data should comply with the requirement of free, specific, informed and unambiguous consent, and the principles of purpose limitation, fairness and transparency.
- Data processors should provide easy and user-friendly technical way for individuals to withdraw their consent.
- Data controllers and processors should assess the likely impact on human rights of Big Data processing, for example, by establishing ethical committees. They should carry out risk assessments, and develop solutions by-design and by-default to mitigate the risks.
- The technical anonymisation of data could be combined with legal or contractual obligations to prevent possible re-identification of the persons concerned.
Alessandra Pierucci, Chairperson of the Committee of "Convention 108" highlighted "the importance of providing guidance on what has become in the past years an exponential source of knowledge, and an exponential source of processing of personal data. This first step of the Committee towards a stronger protection of persons in our big data environment will have to lead to further steps, to follow the fast pace evolution of big data related technologies".
Big Data represent a new paradigm in the way in which information is collected, combined and analysed. Big Data - which benefit from the interplay with other technological environment such as internet of things and cloud computing - can be a source of significant value and innovation.