The big data up against the GDPR wall?
Able to store an inexhaustible number of digital data, is “Big Data” compatible with the GDPR?
Have you ever wondered how much data everyone produces every day? All these data that go beyond human comprehension (we’re talking about petabytes or even zetaoctets) do not disappear by magic… Actually, they are gathered to create something called the “big data”.
The hugeness of personal data and the big data
The big data is the name given to systems that store an infinite amount of digital data that new technologies produce (that’s how it works) in order to analyze them.
This includes for example GPS data, online shopping, emails and other texts, videos, pictures, sounds and any other kind of document…
A scientific definition was given in 2001 by Gartner (formerly Meta Group). Doug Laney explained big data according to the “3V” principle:
- Volume of data to be processed
- Variety of information (from several sources, structured or unstructured or semi-structured…)
- Velocity to reach
The tip of the iceberg
To achieve complete customer satisfaction and meet unaware customer needs, the companies started using these masses of data.
Even if the Big Four tech companies were the only ones to resort to this at first, you should be aware that this practice spread to a large majority of companies…
Let’s take a concrete case: I’m a company whose ambition is to create an application for teenagers who practice an intense sporting activity. Questions of content, design… will come up very soon. So, to position myself as a leader, what’s better than dipping into the big data all the data about this target to have a great feedback of their habits, their needs, their desires, their tastes…?
This data processing on a very large scale, enables thinkers to come up with solutions that always meet the consumers’ needs and that makes them one of the greats in their sector.
Perfect, you say? And yet…
If consumers were asked what information about them is contained within the big data, would they be able to answer? Do they know which company or companies take advantage of this? Since when? For how long? What they get out of this processing? How to stop the processing?…
Even though answering these questions is difficult or even impossible, you should know that there are actually very concrete answers. They are just undisclosed to the owners of these data…
→ That’s when the GDPR comes into play.
For loss of power over personal data, is the GDPR a solution?
The GDPR clarifies, strengthens, modifies existing data protection standards and creates new ones. It does so in a clearly stated desire to guarantee a greater protection of personal data.
In this quest for protection and in order to guarantee an ever-increasing minimum protection, it lays down basic principles that must be applied in all circumstances. This is the case with the Privacy by Design concept (see the article about the GDPR fundamentals).
The Privacy by Design principle
This concept is not new and comes from Canada. If there is one element that you should keep in mind, here it is:
Beforehand: i.e. the systems implemented to collect the data must let the users know the data processing that will be carried out (and here comes into play fairness, transparency and lawfulness).
Until the end of this processing: the protection must occur throughout the whole processing of the data until its extinction.
So how do you win over a system in which many data are used without the owner’s knowledge with the GDPR and the rights it guarantees?
Big data and the GDPR: a common ground?
What are the guarantees of the GDPR?
- Identify all the data: this will start with everyone taking responsibility for the data they own. But who owns what? To answer this question, the GDPR requires that the companies make a list of all the data they possess in order to create records of the processing activities.
Ultimately, this directory serves two purposes:
- Retributing the data to their owners and make them responsible for any action taken on them.
- Giving back to the individuals power over their data (and thus guarantee their rights).
- Protect: in order to protect all natural persons, the GDPR applies at several levels.
First, it requires companies to guarantee a set of rights. The individuals will be able to regain power over their data that were previously completely beyond their control.
Secondly, it requires to adopt a certain behavior regarding the data processing. Indeed, the GDPR requires companies to respect the obligations of transparency, fairness and lawfulness. These three seemingly harmless words are actually what will guarantee the protection of how the companies use the data of these people.
Therefore, the big data is not incompatible with the GDPR, but a giant step remains to be taken before the solutions given by the GDPR are applied by all the companies.
Be also part of these companies that protect their data on their website and web application! Discover the steps to be in a perfect compliance with the General Data Protection Regulation (GDPR) :