Big Data: The End of Privacy or a New Beginning?

TLDR: In this paper, the authors argue that this Regulation, in seeking to remedy some longstanding deficiencies with the DPD as well as more recent issues associated with targeting, profiling, and consumer mistrust, relies too heavily on the discredited informed choice model, and therefore fails to fully engage with the impending Big Data tsunami.

Abstract: ‘Big Data’ refers to novel ways in which organizations, including government and businesses, combine diverse digital datasets and then use statistics and other data mining techniques to extract from them both hidden information and surprising correlations. While Big Data promises significant economic and social benefits, it also raises serious privacy concerns. In particular, Big Data challenges the Fair Information Practices (FIPs), which form the basis of all modern privacy law. Probably the most influential privacy law in the world today is the European Union Data Protection Directive 95/46 EC (DPD). 1 In January 2012, the European Commission (EC) released a proposal to reform and replace the DPD by adopting a new Regulation. 2 In what follows, I argue that this Regulation, in seeking to remedy some longstanding deficiencies with the DPD as well as more recent issues associated with targeting, profiling, and consumer mistrust, relies too heavily on the discredited informed choice model, and therefore fails to fully engage with the impending Big Data tsunami. My contention is that when this advancing wave arrives, it will so overwhelm the core privacy principles of informed choice and data minimization on which the DPD rests that reform efforts will not be enough. Rather, an adequate response must combine legal reform with the encouragement of new business models premised on consumer empowerment and supported by a personal data ecosystem. This new business model is important for two reasons: First, existing business models have proven time and again that privacy regulation is no match for them. Businesses inevitably collect and use more and more personal data, and while consumers realize many benefits in exchange, there is little doubt that businesses, not consumers, control the market in personal data with their own interests in mind. Second, a new business model, which I describe below, promises to stand processing of personal data on its head by shifting control over both the collection and use of data from firms to individuals. This new business model arguably stands a chance of making the FIPs efficacious by giving individuals the capacity to benefit from Big Data and hence the motivation to learn about and control how their data are collected and used. It could also enable businesses to profit from a new breed of services