Share This Article
Big data and Internet of Things (IoT) are the keys of the success for a large number of (if not all) companies, but their exploitation requires to deal with privacy and compliance issues.
What is Big Data?
According to Gartner
โBig data is high volume, high velocity, and/or high variety information assets that require new forms of processing to enable enhanced decision making, insight discovery and process optimizationโ.
An interesting infograohic from Bain & Company shows that financial services companies invested $ 6.4 bn in big data in 2015 and that there will be an annual growth of 22% up to 2020 with companies using big data that are 5 times more likely to make decisions โmuch fasterโ than the competition.
However, the usage of big data can trigger some legal issues.
If the data is BIG doesnโt mean that is privacy compliant
There is sometimes the general perception that large databases aggregating data are privacy compliant and no data protection issue should be considered in relation to them. However, if a large database is the result of the collection of personal data that is then aggregated and anonymised, we would still have a privacy breach at the time of the collection and initial processing of personal data. And the process of anonymization would in any case require to comply with stringent restrictions.
The essence of big data is to collect as much data as possible, but this is just the opposite of the privacy principle according to which personal data shall be โnot excessiveโ in relation to the purpose for which it is processed. And indeed, the comment that I usually have from some clients is that they collect more data than necessary since such data โmightโ become useful. This conduct would be a major privacy breach that under the terms of the EU Privacy Regulation will trigger fines up to โฌ 20 million or 4% of a companyโs global annual turnover (whichever is the greater).
The issue is whether such broad usage of personal data should be somehow restricted or a new way of granting privacy consent should be identified as occurred in Italy with reference to cookies regulations.
And in the Internet of Things?
I mentioned in this post that big data is the โmoney makerโ of the Internet of Things. But, as pointed out by European data protection regulators, the Internet of Things places considerable privacy issues since sensors will be able to collect a much larger variety of personal data. However, as discussed during our workshop, restrictive European privacy regulations might lead to a competitive disadvantage for European companies against US companies which might rely on more flexible privacy regulations recently reviewed by the FTC. This is one of the main points discussed with the Italian data protection authority as part of the consultation just launched on the Internet of Things where an essential element of the debate is whether privacy by design might be the right solution to balance individualsโ interests with those of companies requiring data for their business.
But Big Data is not only about privacyโฆ
Big Data poses considerable additional legal issues such as:
- Intellectual property compliance: big data databases might be protected in some countries under copyright laws and in Europe they are very likely to be protected under the database sui generis right. Their usage will require the consent of the IP rights owner;
- Confidentiality: big data might be protected not only under intellectual property laws, but they might reppresent confidential information of a company or even a trade secret;
- Contractual and licensing restrictions: confidentiality and IP related restrictions mentioned above imply that users of big data shall make sure that they have the right to use it and the license granted to them allows them to perform a specific type of data usage or communication of data to third parties;
- M&A transactions: the review of usage rights on big data and in general databases and their compliance with privacy laws is becoming an essential part of M&A due diligence reviews. Big data and customersโ databases are esponentially recognised as a fundamental and valuable โassetโ of a company. And indeed we closed one of the largest M&A deals in Italy last year where the usage of customersโ databases has been a fundamental element of the negotitation that led to long discussions aimed at ensuring privacy compliant solutions that were also business oriented;
- Big data liability: big data allows to predict the behaviour of customers, market trends and inefficiencies of a company. But if such โpredictionsโ are not translated into actions, companies might face liabilities towards their customers since the damages suffered by them are likely to be considered โpredictableโ under local laws and directors and managers might face internal liabilities towards shareholders. This requires to put in place adequate internal procedures ensuring that such issues are timely addressed and actions are promptly taken since โvelocityโ is one of the main features of big data.
This is a fascinating topic and I am sure we will discuss much longer about it! If you found this article interesting, please share it on your favourite social media.
Follow me on LinkedIn โ Facebook Page โ Twitter โ Telegram โ YouTube โ Google+
