全部 标题 作者
关键词 摘要

Personal Data v. Big Data in the EU: Control Lost, Discrimination Found

DOI: 10.4236/ojpp.2018.83014, PP. 192-205

Keywords: Personal Data, Consent, Control, Discrimination

Full-Text   Cite this paper   Add to My Lib


We live in the Big Data age. Firms process an enormous amount of raw, unstructured and personal data derived from innumerous sources. Users consent to this processing by ticking boxes when using movable or immovable devices and things. The users’ control over the processing of their data appears today mostly lost. As algorithms sort people into groups for various causes, both legitimate and illegitimate, fundamental rights are endangered. This article examines the lawfulness of the data subject’s consent to the processing of their data under the new EU General Data Protection Regulation. It also explores the possible inability to fully anonymize personal data and provides an overview of specific “private networks of knowledge”, which firms may construct, in violation of people’s fundamental rights to data protection and to non-discrimination. As the Big Data age is here to stay, both law and technology must together reinforce, in the future, the beneficent use of Big Data, to promote the public good, but also, people’s control on their personal data, the foundation of their individual right to privacy.


[1]  A29DPWP (2007). Article 29 Data Protection Working Party, Opinion 4/2007 on the Concept of Personal Data.
[2]  A29DPWP (2008). Article 29 Data Protection Working Party, Opinion 1/2008 on Data Protection Issues Related to Search Engines.
[3]  A29DPWP (2011). Article 29 Data Protection Working Party, Opinion 15/2011 on the Definition of Consent.
[4]  A29DPWP (2013). Article 29 Data Protection Working Party, Opinion 03/2013 on Purpose Limitation.
[5]  A29DPWP (2014). Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymization Techniques.
[6]  Almunia, J. (2012). Speech (Nov. 26, 2012) “Competition and Personal Data Protection”.
[7]  Araka, I., Koutras, N., & Makridou, E. (2014). Access to Information: Evolution and digital divide. In M. Bottis (Ed.), The History of Information, from Papyrus to the Electronic Document (pp. 397-416). Athens: Nomiki Vivliothiki.
[8]  Battelle, J. (2005). The Search: How Google and its Rivals Rewrote the Rules of Business and Transformed our Culture. Boston, MA: Penguin Group.
[9]  Bitton, R. (2014). Intelligence Agents, Autonomous Slaves and the U.S. Supreme Court’s Wrong (and Right) Concept of Personal Autonomy. European Journal of Legal Studies, 7, 1.
[10]  Bohannon, J. (2013). Genealogy Databases Enable Naming of Anonymous DNA Donors. Science NY, 339, 262.
[11]  Bottis, M. (2014). Law and Information: A “Love-Hate” Relationship. In M. Bottis (Ed.), The History of Information, from Papyrus to the Electronic Document (pp. 141-152). Athens: Nomiki Vivliothiki.
[12]  Boyd, D., & Crawford, K. (2011). Six Provocations for Big Data. A Decade in Internet Time: Symposium on the Dynamics of the Internet and Society.
[13]  Brabazon, T., & Redhead, S. (2014). Theoretical Times: Reproletarianization. Libsyn.
[14]  Brabazon, T. (2015). Digital Fitness: Self-Monitored Fitness and The Commodification of Movement, Communication Politics & Culture, 48, 1-23.
[15]  Carolan, E. (2016). The Continuing Problems with Online Consent under the EU’s Emerging Data Protection Principles. Computer Law and Security Review, 32, 462-273.
[16]  CFREU (2000). Charter of Fundamental Rights of the European Union. Official Journal of the European Communities, C, 364/1.
[17]  Chander, A. (2017). The Racist Algorithm? Michigan Law Review, 115, 1023-1045.
[18]  Chesterman, S. (2017). Privacy and Our Digital Selves. The Straits Times.
[19]  CJEU (2003). Court of Justice of the European Union. Judgment of 6.11.2003. Case C-101/01, Criminal proceedings against Bodil Lindqvist. Reference for a preliminary ruling: Göta hovrätt, Sweden. EU:C:2003:596.
[20]  Cohen, J. (2000). Examined Lives: Informational Privacy and the Subject as Object, Stanford Law Review, 52, 1373-1438.
[21]  Committee on Commerce, Science, and Transportation (2013). A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes, Staff Report for Chairman Rockefeller. USA: United States Senate.
[22]  Crawford, K., & Schultz, J. (2014). Big Data and Due Process: Toward a Framework to Redress Predictive Privacy Harms. Boston College Law Review, 55, 93-128.
[23]  Cunha, M. V. (2012). Review of the Data Protection Directive: Is There Need (and Room) for a New Concept of Personal Data? In S. Gutwirth et al. (Eds.), European Data Protection: In Good Health? (pp. 267-284). New York: Springer.
[24]  Danagher, L. (2012). An Assessment of the Draft Data Protection Regulation: Does It Effectively Protect Data? European Journal of Law and Technology, 3.
[25]  De Hert, P., & Papaconstantinou, V. (2016). The New General Data Protection Regulation: Still a Sound System for the Protection of Individuals? Computer Law and Security Review, 32, 179-194.
[26]  EDPS (2015). European Data Protection Supervisor, Opinion 7/2015, Meeting the Challenges of Big Data—A Call for Transparency, User Control, Data Protection by Design and Accountability.
[27]  European Commission (2017). Antitrust: Commission Fines Google €2.42 Billion for Abusing Dominance as Search Engine by Giving Illegal Advantage to Own Comparison Shopping Service. European Commission, Press Release.
[28]  Förster, K., & Weish, U. (2017). Advertising Critique: Themes, Actors and Challenges in a Digital Age. In G. Siegert, M. B. Rimscha, & S. Grubenmann (Eds.), Commercial Communication in the Digital Age, Information or Disinformation? (pp. 15-35). Ber-lin/Boston: Walter de Gruyter GmbH.
[29]  Gandy, O. (1993). The Panoptic Sort: A Political Economy of Personal Information. Michigan: Westview Press.
[30]  Gandy, O. (2010). Engaging Rational Discrimination: Exploring Reasons for Placing Regulatory Constraints on Decision Support Systems. Ethics and Information Tech-nology, 12, 29-42.
[31]  GDPR (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, Repealing the Directive 95/46/EC.
[32]  Giannakaki, M. (2014). The Value of Information in the Age of “Big Data”: From Web 1.0 to Web 3.0. In M. Bottis (Ed.), The History of Information, from Papyrus to the Electronic Document (pp. 259-272). Greece: Nomiki Vivliothiki.
[33]  Gilliom, J. (2001). Overseers of the Poor: Surveillance, Resistance, and the Limits of Privacy. Chicago, IL: Series in Law and Society, University of Chicago Press.
[34]  Gindin, S. E. (2009). Nobody Reads Your Privacy Policy or Online Contract: Lessons Learned and Questions Raised by the FTC’s Action against Sears. Northwestern Journal of Technology and Intellectual Property, 8, 1-37.
[35]  Golle, P. (2006). Revisiting the Uniqueness of Simple Demographics in the US Population. In Proceedings of the 5th ACM Workshop on Privacy in the Electronic Society (WPES’06) (pp. 77-80). New York: ACM.
[36]  Gray, J. (2015). The Soul of a Marionette: A Short Enquiry into Human Freedom. UK: Allen Lane.
[37]  Gymrek, M., McGuire, A., Golan, D., Halperin, E., & Erlich, Y. (2013). Identifying Personal Genomes by Surname Inference. Science, 339, 321-324.
[38]  Haggerty, K., & Ericson, R. V. (2006). The New Politics of Surveillance and Visibility. Toronto: University of Toronto Press, Scholarly Publishing Division.
[39]  Hastie, T., Tibshirani, R., & Friedman, J. (2009). The Elements of Statistical Learning: Data Mining, Inference, and Prediction (2nd ed.). Stanford, CA: Stanford University.
[40]  Hill, K. (2012). Max Schrems, The Austrian Thorn in Facebook’s Side. 7 February 2012. Forbes. https://www.forbes.com/sites/kashmirhill/2012/02/07/the-austrian-thorn-in-facebooks-side/
[41]  Himma, E. K. (2007). A Preliminary Step in Understanding the Nature of a Harmful In-formation-Related Condition: An Analysis of the Concept of Information Overload. Ethics and Information Technology, 9, 259-272.
[42]  Hon, W. K., Millard, C., & Walden, I. (2011). The Problem of “Personal Data” in Cloud Computing—What Information Is Regulated? The Cloud of Unknowing. International Data Privacy Law, 1, 211-228.
[43]  Hoofnagle, C. J. (2003). Big Brother’s Little Helpers: How ChoicePoint and Other Commercial Data Brokers Collect and Package Your Data for Law Enforcement. Berkeley Law Scholarship Repository, 29, 595-638.
[44]  Hugenholtz, B., & Guibault, L. (2006). The Future of the Public Domain: An Introduction. In L. Guibault, & B. Hugenholtz (Eds.), The Future of the Public Domain, Identifying the Commons in Information Law (pp. 1-6). The Netherlands: Kluwer Law In-ternational.
[45]  Kang, J., Shilton, K., Estrin, D., Burke, J., & Hansen, M. (2012). Self-Surveillance Privacy. Iowa Law Review, 97, 809-847.
[46]  King, N., & Forder, J. (2016). Data Analytics and Consumer Profiling: Finding Appropriate Privacy Principles for Discovered Data. Computer Law & Security Review, 32, 696-714.
[47]  Knoppers, B. M., & Thorogood, A. M. (2017). Ethics and Big Data in Health, Big Data Acquisition and Analysis. Current Opinion in Systems Biology, 4, 53-57.
[48]  Koelman, J. K. (2006). The Public Domain Commodified: Technological Measures and Productive Information Use. In L. Guibault, & B. Hugenholtz (Eds.), The Future of the Public Domain, Identifying the Commons in Information Law (pp. 105-119). The Netherlands: Kluwer Law International.
[49]  Lam, B. H., & Larose, J. C. (2017). United States: FTC Asked to Investigate Google’s Matching of Bricks to Clicks. 25 September 2017, Mondaq.
[50]  Laudon, J. C. (1996). Markets and Privacy. Communications of the ACM, 39, 92-104.
[51]  Lessig, L. (2006). Code and Other Laws of Cyberspace, Version 2.0. New York: Basic Books.
[52]  Lidstone, H. (2014). Using the Cloud: Trade Secrets and Confidential Information Aren’t So Secret (pp. 1-11). USA: Burns, Figa & Will, P.C.
[53]  Litman, J. (2000). Information Privacy/Information Property. Stanford Law Review, 52, 1283-1313.
[54]  Malgieri, G. (2016). “Ownership” of Customer (Big) Data in the European Union: Qua-si-Property as Comparative Solution? Journal of Internet Law, 20, 1-17.
[55]  Mann, S. (2000). Computer Architectures for Protection of Personal Informatic Prop-erty: Putting Pirates, Pigs, and Rapists in Perspective. First Monday, 5.
[56]  Manovich, L. (2011). Trending: The Promises and the Challenges of Big Social Data. In M. K. Gold (Ed.), Debates in the Digital Humanities. Minneapolis, MN: The University of Minnesota Press.
[57]  Mantelero, A. (2016). Personal Data for Decisional Purposes in the Age of Analytics: From an Individual to a Collective Dimension of Data Protection. Computer Law & Security Review, 32, 238-255.
[58]  Mayer-Schönberger, V., & Cukier, K. (2013). Big Data: A Revolution That Will Transform How We Live, Work, and Think. UK: John Murray.
[59]  Michaels, J. D. (2008). All the President’s Spies: Private-Public Intelligence Partnerships in the War on Terror. California Law Review, 96, 901-966.
[60]  Mitrou, L. (2009). The Commodification of the Individual in the Internet Era: Informa-tional Self-Determination or “Self-Alienation”? In M. Bottis (Ed.), Proceedings of the 8th International Conference of Computer Ethics Philosophical Enquiry (CEPE 2009) (pp. 466-484). Greece: Nomiki Vivliothiki.
[61]  Mitrou, L. (2017). The General Data Protection Regulation, New Law, New Obligations, New Rights. Greece: Sakkoulas.
[62]  Morozov, E. (2011). The Net Delusion, the Dark Side of Internet Freedom. USA: Public Affairs.
[63]  Narayanan, A., & Shmatikov, V. (2008). Robust De-Anonymization of Large Sparse Da-tasets. In IEEE Symposium on Security and Privacy (pp. 111-125). Oakland, CA: IEEE.
[64]  O’Brien, K. (2012). Austrian Law Student Faces down Facebook. The New York Times, 5 February 2012.
[65]  O’Neil, C. (2016). Weapons of Math Destruction, How Big Data Increases Inequality and Threatens Democracy. New York: Broadway Books.
[66]  Ohm, P. (2010). Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization. UCLA Law Review, 57, 1701-1777.
[67]  Oostveen, M., & Irion, K. (2016). The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right? In Bakhoum, G., & Mackenordt, S. (Eds.), Personal Data in Competition, Consumer Protection and IP Law—Towards a Holistic Approach? Berlin: Springer.
[68]  Panagopoulou-Koutnatzi, F. (2015a). THE internet of Things (IoT): The Colonization of Everyday Life or a New Technological Challenge? In Μ. Bottis, E. Alexandropoulou, & I. Igglezakis (Eds.), Proceedings from 6th ICIL 2014: Lifting the Barriers to Empower the Future of Information Law and Ethics (pp. 243-262). Greece: University of Macedonia.
[69]  Panagopoulou-Koutnatzi, F. (2015b). Disclosure of Personal Medical Data with the Permission of the Hellenic Data Protection Authority (HDPA): Institutional Valuation. Administrative Law Journal, 6, 755-771.
[70]  Panagopoulou-Koutnatzi, F. (2017). New Rights under the Data Protection Regulation: A Constitutional Appraisal. Administrative Law Journal, 1, 81-98.
[71]  Pasquale, F. (2015). The Black Box Society, the Secret Algorithms That Control Money and Information. Cambridge, MA: Harvard University Press.
[72]  Petrovic, O. (2017). The Internet of Things as Disruptive Innovation for the Advertising Ecosystem. In G. Siegert, M. B. Rimscha, & S. Grubenmann (Eds.), Commercial Communication in the Digital Age, Information or Disinformation? (pp. 183-205). Germany: Walter de Gruyter GmbH.
[73]  Picker, C. R. (2008). Competition and Privacy in Web 2.0 and the Cloud. Northwestern University Law Review Colloquy, 103, 1-12.
[74]  Pingo Z., & Narayan, B. (2016). When Personal Data Becomes Open Data: An Exploration of Lifelogging, User Privacy, and Implications for Privacy Literacy. In A. Morishima, A. Rauber, & C. L. Liew (Eds.), Digital Libraries: Knowledge, Information and Data in an Open Access Society—18th International Conference on Asia-Pacific Digital Libraries, Tsukuba, Japan (pp. 3-9). Japan: Springer International.
[75]  Powles, J., & Hodson, H. (2017). Google DeepMind and Healthcare in an Age of Algo-rithms. Health and Technology, 7, 351-367.
[76]  Prins, C. (2006). Property and Privacy: European Perspectives and the Commodification of Our Identity. In L. Guibault, & B. Hugenholtz (Eds.), The Future of the Public Domain, Identifying the Commons in Information Law (pp. 223-258). The Nether-lands: Kluwer Law International.
[77]  Rengel, A. (2014). Privacy as an International Human Right and the Right to Obscurity in Cyberspace. Groningen Journal of International Law, 2, 33-54.
[78]  Richards, N. M., & King, J. (2016). Big Data and the Future for Privacy. In F. X. Olleros, & M. Zhegu (Eds.), Handbook of Research on Digital Transformations (pp. 272-290). Cheltenham: Elgar.
[79]  Rubinstein, I. (2013). Big Data: The End of Privacy or a New Beginning? International Data Privacy Law, 3, 74-87.
[80]  Samuelson, P. (2000). Privacy as Intellectual Property? Stanford Law Review, 52, 1125-1173.
[81]  Schneier, B. (2015). Data and Goliath, The Hidden Battles to Collect Your Data and Control Your World. New York: W.W. Norton & Company.
[82]  Scholz, M. T. (2017). Big Data in Organizations and the Role of Human Resource Man-agement, a Complex Systems Theory-Based Conceptualization. New York: Peter Lang.
[83]  Snyder, W. (2011). Making the Case for Enhanced Advertising Ethics: How a New Way of Thinking about Advertising Ethics May Build Consumer Trust. Journal of Advertising Research, 51, 477-483.
[84]  Solove, D. (2013). Introduction: Privacy Self-Management and the Consent Dilemma. Harvard Law Review, 126, 1880-1903.
[85]  Stalla-Bourdillon, S., & Knight, A. (2017). Anonymous Data v. Personal Data—A False Debate: An EU Perspective on Anonymization, Pseudonymization, and Personal Data. Wisconsin International Law Journal, 34, 284-322.
[86]  State v. Loomis (2016). State v. Loomis. 881 N.W.2d 749 (Wis. 2016).
[87]  Steppe, R. (2017). Online Price Discrimination and Personal Data: A General Data Pro-tection Regulation Perspective. Computer Law & Security Review, 33, 768-785.
[88]  Summers, L., & DeLong, J. B. (2001). The “New Economy”: Background, Historical Perspective, Questions and Speculations. Economic Review, Federal Reserve Bank of Kansas City, 86, 29-59.
[89]  Sweeney, L. (2000). Simple Demographics Often Identify People Uniquely. Data Privacy Working Paper No. 3, Pittsburgh, PA: Carnegie Mellon University.
[90]  Tene, O. (2008). What Google Knows: Privacy and Internet Search Engines. Utah Law Review, 4, 1433-1492.
[91]  Tene, O. (2011). Privacy: The New Generations. International Data Privacy Law, 1, 15-27.
[92]  Tene, O., & Polonetsky, J. (2013). Big Data for All: Privacy and User Control in the Age of Analytics. Northwestern Journal of Technology and Intellectual Property, 11, 239-273.
[93]  TFEU (2012). Treaty on the Functioning of the European Union. Official Journal C 326, 26/10/2012 P. 0001-0390.
[94]  Turow, J., & McGuigan, L. (2014). Retailing and Social Discrimination: The New Normal? In S. P. Gangadharan (Ed.), Data and Discrimination: Collected Essays (pp. 27-29).
[95]  Turow, J., Hoofnagle, C. J., Mulligan, D. K., Good, N., & Grossklags, J. (2006). The FTC and Consumer Privacy in the Coming Decade. I/S: A Journal of Law and Policy for the Information Society, 3, 723-749.
[96]  Veale, M., & Binns, R. (2017). Fairer Machine Learning in the Real World: Mitigating Discrimination without Collecting Sensitive Data. Big Data & Society, 4, 2.
[97]  Vranaki, A. (2016). Social Networking Site Regulation: Facebook, Online Behavioral Advertising, Power and Data Protection Laws. Queen Mary School of Law Legal Studies Research Paper No. 221, 2-34.


comments powered by Disqus