European Data Protection Supervisor
European Data Protection Supervisor

EDPS encourages a new debate on Big Data

EDPS encourages a new debate on Big Data


EDPS encourages a new debate on Big Data

Today, as the European Data Protection Supervisor (EDPS) published his Opinion, Meeting the Challenges of Big Data, he said he wanted to launch a new, open discussion with legislators, regulators, industry, IT experts, academics and civil society to explore how the social benefits that big data brings can be harnessed while better protecting the dignity and the fundamental rights and freedoms of individuals in a more effective and innovative way.

Giovanni Buttarelli, EDPS, said: “Big data implies bigger data protection and more user control is key for its responsible application in the future. Privacy laws have been developed to protect our fundamental rights and values. The question industry and public entities must ask themselves is not whether to apply these laws to big data processes, rather how to apply them more effectively. We want to engage with all key interlocutors, in and outside the EU, to explore creative and future-oriented solutions to better preserve values while achieving social benefits in the public interest."

The internet has evolved such that the tracking of people's behaviour has become an essential revenue stream for some of the most successful companies. This development calls for a critical assessment and the search for workable alternatives.

As a continuation of the theme from his recent Opinion on Data Ethics, the EDPS calls upon organisations to be accountable and transparent, to have a new ethical approach to handling the personal data they collect. He points out that fostering consumer trust is a smart business strategy: complying with data protection laws and demonstrating respect for the persons whose personal data they use by giving them dynamic control over their own personal information - starting with the rights of access, data portability and effective opt-in and opt-out mechanisms depending on the circumstances.

Companies and other organisations that invest in finding innovative ways to use personal data should use the same innovative mind-set when implementing data protection law.   

Organisations must be much more transparent: by giving individuals clear information on what data is processed about them, including data observed or inferred about them and by better informing them how and for what purposes their information is used.

User control will help to ensure that individuals are able to better detect unfair biases and challenge mistakes. It will also mean that individuals are given genuine, informed choice and more control over their data.

The EDPS encourages the EU to ensure coherence in consumer protection, antitrust, research and development as was already highlighted in the EDPS Opinion on Privacy and competitiveness in the age of big data.

The European Data Protection Supervisor wants to stimulate an informed discussion particularly in the EU, including a Big Data Protection workshop for policy makers and other experts in the near future. By engaging in such dialogue, the EDPS hopes to bring into focus the challenges of big data to the rights of privacy and data protection.

Background information

Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.

More specifically, the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor (EDPS) - are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.

Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.

EDPS Strategy 2015-2019: Unveiled on 2 March 2015, the 2015-2019 plan summarises the major data protection and privacy challenges over the coming years and the EDPS' three strategic objectives and 10 accompanying actions for meeting them. The objectives are (1) Data protection goes Digital (2) Forging Global Partnerships and (3) Opening a New Chapter for EU Data Protection.

Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).

Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.

Big data: Gigantic digital datasets held by corporations, governments and other large organisations, which are then extensively analysed using computer algorithms. See also Article 29 Working Party Opinion 03/2013 on purpose limitation p.35.