The collection and control of massive amounts of personal data are a source of market power for the biggest players in the global market for internet services, said the European Data Protection Supervisor (EDPS) today. Personal information has become a form of currency to pay for so-called 'free' online services and is a valuable intangible asset for an increasing number of companies doing business in the EU. This requires closer interaction between different regulators.
Peter Hustinx, EDPS, said, "The evolution of big data has exposed gaps in EU competition, consumer protection and data protection policies that do not seem to have kept up with this development. Smarter interaction across these partially overlapping policy areas will support growth and innovation and minimise the potential harm to consumers. The EDPS is pleased to be facilitating discussions between regulators and experts in these fields."
In his preliminary Opinion on privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection, published today, the EDPS notes that the EU rules in these policy areas have much in common: each aims to promote growth and innovation and to promote the welfare of individual consumers.
However, there is currently little dialogue between policy makers and experts in these fields. Sectors of the economy ranging from transport to health, banking to energy, are seeking to exploit the potential of big data, which includes vast volumes of personal data.
It is essential that synergies in the enforcement of rules controlling anti-competitive practices, mergers, the marketing of so-called ‘free’ on-line services and the legitimacy of data processing are explored. This will help to enforce competition and consumer rules more effectively and also stimulate the market for privacy-enhancing services.
To this end, the EDPS will facilitate discussions among experts and practitioners from the EU and the US, including a workshop in Brussels on 2 June 2014.
The EDPS preliminary Opinion examines some of the convergences and tensions in these areas of EU law against the evolution of big data. In particular, he notes:
- the need for a fuller understanding of the massive growth in services that are marketed as free but in effect require payment in the form of the personal information of their customers;
- the need for a definition of consumer harm in the enforcement of competition rules, in markets where powerful players may refuse access to personal information and may apply confusing privacy policies;
- how closer dialogue between regulators and experts on the rules and policies in data protection, competition and consumer protection could help promote consumer choice, diversity of services which safeguard privacy and greater control for consumers over their personal information.
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
More specifically, the rules for data protection in the EU - as well as the duties of the EDPS - are set out in Regulation (EC) No 45/2001. One of the duties of the EDPS is to advise the European Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues that have an impact on data protection. Furthermore, EU institutions and bodies processing personal data presenting specific risks to the rights and freedoms of individuals ('data subjects') are subject to prior-checking by the EDPS.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.
Big data: Gigantic digital datasets held by corporations, governments and other large organisations, which are then extensively analysed using computer algorithms. See also Article 29 Working Party Opinion 03/2013 on purpose limitation p.35.
Preliminary opinion: Rather than responding to a specific proposal from the Commission, EDPS preliminary Opinions are intended to help inform and stimulate debate on the application of EU rules, hitherto developed largely in parallel, to a rapidly expanding sector of the economy. Subsequent discussions may clarify the need for specific policy responses, which might be the subject of a further Opinion.