On September 16, 2014, the Article 29 Working Party (the “Working Party”) adopted a Statement on the impact of the development of big data on the protection of individuals with regard to the processing of their personal data in the EU (“Statement”). This two-page Statement sets forth a number of “key messages” by the Working Party on how big data impacts compliance requirements with EU privacy law, with the principal message being that big data does not impact or change basic EU data protection requirements.
Noting that the real value of big data remains to be proven, the Working Party rejected the idea that the principles of purpose limitation and data minimization, or the requirements that data must be adequate, relevant and not excessive in relation to its purpose, might have to be reconsidered at this time in light of big data.
It also expressed opposition to calls for a “use model” or a model primarily focused on risk of harm.
Instead, while acknowledging the need for innovative thinking on how key data protection principles apply in the context of big data, the Working Party found “no reason to believe that the EU data protection principles are no longer valid and appropriate for the development of big data.” However, it left open the possibility of “further improvements to make [the principles] more effective in practice” in the context of big data.
Other “key messages” include:
- The Working Party supports making big data benefits available to individuals and society.
- Big data raises important social, legal and ethical questions, including privacy and data protection rights.
- Privacy expectations of users must be met in the context of big data.
- Upholding the purpose limitation is essential to preclude companies that have built monopolies and dominant positions from inhibiting market entry by others.
- The Working Party has already provided guidance on numerous big data-related issues such as purpose limitation, anonymization, legitimate interest, and necessity and proportionality in law enforcement.
- The Working Party will work with international regulators to ensure that EU data protection rules are appropriately applied to big data.
- The Working Party understands the compliance challenges caused by the varying requirements in different jurisdictions.
- International cooperation is needed to provide consistent guidance on operational and compliance questions as well as on joint enforcement of applicable rules.
- EU data protection rights that are based on a fundamental right are subject only to limited exceptions under the law.