Big Data is a breakthrough technology for a lot of companies. It has allowed them to facilitate the real-time processing of massive data sets they have collected from various sources in order to significantly enhance their businesses. A major contributing factor has been the development of tools and techniques (e.g., data visualization, data analytics, and machine learning) which have paved the way for its application in a diverse range of fields and industries.
Today, we enjoy a lot of the benefits of Big Data use. This, however, should not be taken as a license to do away with other things of equal value (if not more) such as the people’s fundamental rights and freedoms. Throughout history, bargains like that have never ended up well.
With power comes responsibility
There are now many ongoing discussions regarding the responsible use of Big Data, albeit probably not as extensive yet as those exploring ways to make such use more efficient and broader in scope. This has to change.
While it is understandable for businesses and governments to want to tap into the technology’s considerable potential, they cannot turn a blind eye to the risks its adoption entails. Despite its undeniable benefits, it would be the height of irresponsibility to ignore such risks.
Truly, there is a need to define the boundaries that Big Data should be allowed to traverse, especially when concerning personal data. Questions have to be asked:
- What is (and isn’t) considered personal data in when dealing with Big Data?
- Who owns the collected data?
- What is the legal basis for collecting personal data used in Big Data Analytics?
- Who is accountable for protecting collected data sets?
Other initiatives should include:
- Developing tools with a “privacy by design” approach. Privacy and Big Data are not mutually exclusive concepts, for it is possible to pursue the different applications of Big Data without compromising the privacy of individuals. In recognizing this, Big Data proponents should design systems that proactively uphold privacy in order to create an default safety net that protects people from any unintended breach of their privacy. They should come up with mechanisms that respect the rights of data subjects, and place great emphasis on the security and integrity of data.
- Conducting privacy impact assessments. Anticipating risks and potential issues that may arise can help determine the type and extent of security measures that need to be in place in order to ensure privacy and security in Big Data systems. This can be done via privacy impact assessments (PIAs). As a result, data leaks could be prevented or at least their impact is substantially mitigated. On top of that, PIAs also demonstrate that the entities behind Big Data systems exercise due diligence in going about their businesses.
- Giving life to data privacy principles. Parties involved in Big Data use must observe the data privacy principles enshrined in practically all data privacy laws. This means upholding transparency, legitimate use, and proportionality in their data processing activities. Other principles like data minimization, accountability, and data security must also be implemented.
- Implementing security measures (e.g., anonymization, pseudonymization, etc.). Whenever possible, security measures must be embedded all throughout the life cycle of information as it is processed by Big Data systems. They may consist of anonymization or pseudonymization techniques, or the adoption of encryption technologies. Together, they all serve to mitigate any potential harm resulting from the identification of specific individuals and the misuse of their information.
- Ensuring that mechanisms that allow for the exercise of data subject rights are in place. It is ultimately the Individual (i.e., data subject) that ought to have control over how information his or her information will be used and processed. Big Data enthusiasts should acknowledge this. Accordingly, they should implement mechanisms that accommodate people who wish to exercise their rights over their personal data, such as asking companies to delete their personal data in the latter’s custody.
What to expect
In the end, no one is suggesting that Big Data use should be inhibited—let alone, discarded completely. Rather, what is hoped is to see it constantly improve, but in a consistently responsible manner. Among other things, it should not be at the expense of the individual’s right to privacy.
To be sure, there are many successful Big Data initiatives to date that reflect a proper balance. In moving forward, it is these experiences that ought to be replicated in other quarters. This way, the technology is truly made to benefit the people.
If you’re interested in knowing more about this subject, you can read the briefing paper prepared by the Foundation for Media Alternatives here.