Introduction

Information technology law (or IT Law) is a young field, which was practically unknown just a few decades ago. Now, this collection takes up various new technologies that are currently shaping the law^[1]. Such technologies include Cloud computing, Big Data, the Internet of Things (IoT), artificial intelligence (AI), cryptography, sensors, robots, algorithms and other information related systems^[2]. Artificial intelligence (AI), mobile, social and the Internet of Things (IoT) are driving data complexity through new forms and sources of data^[3]. For example, big data comes from sensors, devices, video/audio, networks, log files, transactional applications, web, and social media — much of it generated in real-time and at a very large scale^[4]. In this blog, big data and legal challenges related to it will be looked into.

Big data

Big data refers to data that is so large, fast or complex that it’s difficult or impossible to process using traditional methods^[5]. It is a term applied to datasets whose size or type is beyond the ability of traditional relational databases to capture, manage and process the data with low latency^[6]. Big data can be analysed for insights that improve decisions and give confidence for making strategic business moves^[7]. Analysis of big data allows analysts, researchers and business users to make better and faster decisions using data that was previously inaccessible or unusable^[8]. Businesses can use advanced analytics techniques such as text analytics, machine learning, predictive analytics, data mining, statistics and natural language processing to gain new insights from previously untapped data sources independently or together with existing enterprise data^[9].

Technological advancement and the advent of new channels of communication (like social networking) and new, stronger devices have presented a challenge to industry players in the sense that they have to find other ways to handle the data^[10]. All this data is useful when processed, but it had been in gross neglect before the concept of big data came along^[11].

Application of big data

Businesses, nowadays, rely heavily on big data to gain better knowledge about their customers. The process of extracting meaningful insights from such raw big data is reckoned as big data analytics^[12]. Advanced software systems greatly reduce analytics time, giving companies the ability to make speedy decisions that help increase revenue, reduce costs and stimulate growth^[13]. This offers a competitive advantage to the brands that can work faster and target their consumers more effectively^[14]. Statista maintains that the global big data market will grow to $103 billion by 2027, with the software industry leading the Big Data market with a 45% share^[15]. While the global Big Data and Business Analytics market was valued at $169 billion in 2018, it is estimated to rise to $274 billion by 2022^[16]. In 2018, nearly 45% of professionals in the market research industry used big data analytics as a research method^[17].

Big data can help you address a range of business activities, from customer experience to analytics. Some of their applications are as follows:

Insights for product development

Businesses can use big data to deliver tailored products to their targeted market, so they don’t have to spend money on advertising campaigns that don’t work^[18]. Big data helps companies make a sophisticated analysis of customer trends which usually includes monitoring online purchases and observing point-of-sale transactions^[19].

Companies like Netflix and Procter & Gamble use big data to anticipate customer demand^[20]. They build predictive models for new products and services by classifying key attributes of past and current products or services and modelling the relationship between those attributes and the commercial success of the offerings^[21]. In addition, P&G uses data and analytics from focus groups, social media, test markets, and early store rollouts to plan, produce, and launch new products^[22].

These insights then allow companies to create successful, focused and targeted campaigns, thus allowing companies to match and exceed customer expectations and build greater brand loyalty^[23].

Targeting customers

Big data enables companies to gather data from social media, web visits, call logs, and other sources to improve the interaction experience and maximise the value delivered so they can deliver personalised offers, reduce customer churn, and handle issues proactively^[24]. By using big data, companies can pinpoint exactly what customers are looking for and they establish a solid customer base right out of the gate^[25].

New big data processes observe the patterns of consumers which are used to trigger brand loyalty by collecting more data to identify more trends and ways to make customers happy^[26]. Amazon has mastered this technique by providing one of the most personalised shopping experiences on the internet today. Suggestions are based not only on past purchases but also on items that other customers have bought, browsing behaviour and many other factors^[27].

Predictive maintenance and protection from risks

These days businesses are thriving in high-risk environments, but these environments require risk management processes and big data has been instrumental in developing new risk management solutions^[28]. Big data can improve the effectiveness of risk management models and create smarter strategies^[29].

Factors that can predict mechanical failures may be deeply buried in structured data, such as the year, make, and model of equipment, as well as in unstructured data that covers millions of log entries, sensor data, error messages, and engine temperature^[30]. By analysing these indications of potential issues before the problems happen, organisations can deploy maintenance more cost-effectively and maximise parts and equipment uptime^[31].

Security landscapes and compliance requirements are constantly evolving and big data helps you identify patterns in data that indicate fraud and aggregate large volumes of information to make regulatory reporting much faster^[32].

Creation of innovative companies

Big data can help businesses innovate by studying interdependencies among humans, institutions, entities, and process and then determining new ways to use those insights^[33]. Use data insights to improve decisions about financial and planning considerations, assisting in improving the innovation^[34]. With so much data to work off of, organisations can now implement processes to track their customer feedback, product success and what their competitors are doing^[35]. The insights the businesses gain can be used to tweak business strategies, develop new products/services (that can address specific problems of customers), improve marketing techniques, optimise customer service, improve employee productivity, and find radical ways to expand brand outreach^[36].

Increased efficiency

Big Data Analytics can identify and analyse the latest market trends, allowing businesses to keep pace with their competitors in the market^[37]. They can also automate routine processes and tasks which frees up the valuable time of human employees, which they can devote to tasks that require cognitive skills^[38].

Big Data and Legal Challenges

Although Big Data can be enormously useful for better decision-making and risk or cost reduction, it also creates new legal challenges, especially where personal data is processed in Big Data applications and such methods need to be reconciled with data protection laws and principles^[39]. The massive collection of data and the interrelations that can be derived with Big Data, could lead to detailed insights into locations, specific consumer interests and human behaviour for Big Data processors, which could be perceived by consumers as a breach of their privacy^[40].

Particularly challenging in that respect is the key principle of purpose limitation as it provides that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes^[41]. This may be difficult to achieve in Big Data scenarios as to when personal data is collected, it may be unclear for what purpose it will later be analysed^[42]. However, the blunt statement that the data is collected for any possible Big Data analytics is not a sufficiently specified purpose^[43]. This principle may constrain Big Data applications in Europe because one of the methods to leverage value from Big Data is to use data and further processed datasets for different purposes, and to analyse the data in a way that may not have been envisaged at the time the data was first collected^[44].

Moreover, there are contradictions between big data and the GDPR that range from individual consent and data minimisation, accuracy and purpose limitation, integrity and confidentiality, to the principles of lawfulness, fairness, and transparency, as enshrined in Article 5 of the EU General Data Protection Regulation (GDPR)^[45]. Due to this regulation, companies that deal with large data must have appropriate processes and standards to comply with privacy in place and be open and transparent on how information is collected, processed and transmitted^[46]. According to Article 5(1)(e), personal data should not be stored longer than necessary^[47]. Therefore, organisations should set retention periods and implement automatic erasure of the data after the period expires^[48]. Moreover, data subjects have the right to access, rectify and erase personal data as well as restrict its processing, Article 17 GDPR which means organisations should be able to dig into the large amount of data stored across several different systems to locate and/or erase the data belonging to the data subject^[49]. Individuals have the right not to be subject to automated decision making, including profiling, according to Article 22(4) GDPR^[50].

However, Zarsky (2017) argues that the enforcement of GDPR compliance transnationally may prove difficult and that organisations may take advantage of loopholes in the GDPR to still obtain data as the GDPR narrowly views advanced technologies. because GDPR narrowly understands technologies and their applications, causing disproportionate restrictions to the development of such technologies^[51]. Big data analytics platforms will create challenges in determining data ownership, which in turn depends on the nature of the data, how they were generated, how they were collected, where the data came from (state laws, international), and whether they are attributable to a person or to a machine or device^[52]. The source of the data, and who therefore owns the data, will be where the conflict lies between organisational use of (and individual rights over) consumer-generated data^[53]. Moreover, who has rights to the data will determine who gets to use them and how or whether the data get used^[54].

Larger big data volumes create a higher risk of breach of data as the more data are concentrated, the more they become a target for hackers and the greater the consequences of the breach^[55].

In the US, While federal statutes like HIPPA and FERPA regulate certain types of data, federal law surrounding big data goes further than mere collection^[56]. In 2016 the Federal Trade Commission (FTC) issued a report on big data that said big data use had the potential to harm low-income and “underserved communities” because it could be used to exclude those communities from “credit and employment opportunities”^[57].

Case study-Tomtom

Dutch navigation provider TomTom experienced a privacy challenge with the processing of geolocation data first hand when Dutch Data Protection Authority ruled that TomTom was in breach with EU Privacy legislation^[58]. Apart from the processing during navigation, historical data of previous use is also stored in the TomTom device^[59].

When dealing with individuals’ geographic location data, in a dataset where the location of an individual is specified hourly, the vast majority of the user’s identity can be derived based on less than five different location measurements^[60]. This clearly shows how data which may not be perceived as such, could be indirect Personal Identifiable Information and thus in scope for the EU Privacy legislative framework^[61].

The TomTom devices asked for the user’s consent to process geo-location data, but the Dutch DPA ruled that the consent did not suffice, as it was not specific enough^[62]. In consequence, there was no legitimate ground for the processing and TomTom was in breach of legislation^[63].

Conclusion

To conclude, the European Network and Information Security Agency (ENISA), recently noted that “if privacy principles are not respected, Big Data will fail to meet individual’s needs; if privacy enforcement ignores the potentials of Big Data, individuals will not be adequately protected.

^[64]”Involved stakeholders should work together in addressing the challenges and highlight privacy as a core value and a necessity of Big Data and technology should be used as a support tool to achieve this aim^[65].

^[1]  M Corrales, M Fenwick and N Forgó, New Technology, Big Data and the Law (Springer Singapore 2017) <https://books.google.nl/books?id=aBo0DwAAQBAJ>

^[2]  M Corrales, M Fenwick and N Forgó, New Technology, Big Data and the Law (Springer Singapore 2017) <https://books.google.nl/books?id=aBo0DwAAQBAJ>

^[3] https://www.ibm.com/nl-en/analytics/hadoop/big-data-analytics

^[4] https://www.ibm.com/nl-en/analytics/hadoop/big-data-analytics

^[5] https://www.sas.com/en_us/insights/big-data/what-is-big-data.html

^[6] https://www.ibm.com/nl-en/analytics/hadoop/big-data-analytics

^[7] https://www.sas.com/en_us/insights/big-data/what-is-big-data.html

^[8] https://www.ibm.com/nl-en/analytics/hadoop/big-data-analytics

^[9] https://www.ibm.com/nl-en/analytics/hadoop/big-data-analytics

^[10] https://www.simplilearn.com/tutorials/big-data-tutorial/what-is-big-data

^[11] https://www.simplilearn.com/tutorials/big-data-tutorial/what-is-big-data

^[12] https://www.analyticssteps.com/blogs/what-big-data-analytics-definition-advantages-and-types

^[13]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[14]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[15] https://www.upgrad.com/blog/benefits-and-advantages-of-big-data-analytics-in-business/

^[16] https://www.upgrad.com/blog/benefits-and-advantages-of-big-data-analytics-in-business/

^[17] https://www.upgrad.com/blog/benefits-and-advantages-of-big-data-analytics-in-business/

^[18]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[19]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[20] https://www.oracle.com/big-data/what-is-big-data/

^[21] https://www.oracle.com/big-data/what-is-big-data/

^[22] https://www.oracle.com/big-data/what-is-big-data/

^[23]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[24] https://www.oracle.com/big-data/what-is-big-data/

^[25]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[26]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[27]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[28]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[29]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[30] https://www.oracle.com/big-data/what-is-big-data/

^[31] https://www.oracle.com/big-data/what-is-big-data/

^[32] https://www.oracle.com/big-data/what-is-big-data/

^[33] https://www.oracle.com/big-data/what-is-big-data/

^[34] https://www.oracle.com/big-data/what-is-big-data/

^[35]https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/

^[36] https://www.upgrad.com/blog/benefits-and-advantages-of-big-data-analytics-in-business/

^[37] https://www.upgrad.com/blog/benefits-and-advantages-of-big-data-analytics-in-business/

^[38] https://www.upgrad.com/blog/benefits-and-advantages-of-big-data-analytics-in-business/

^[39]  M Corrales, M Fenwick and N Forgó, New Technology, Big Data and the Law (Springer Singapore 2017) <https://books.google.nl/books?id=aBo0DwAAQBAJ>

^[40] https://www.compact.nl/en/articles/big-data-analytics-privacy-how-to-resolve-this-paradox/

^[41]  M Corrales, M Fenwick and N Forgó, New Technology, Big Data and the Law (Springer Singapore 2017) <https://books.google.nl/books?id=aBo0DwAAQBAJ>

^[42]  M Corrales, M Fenwick and N Forgó, New Technology, Big Data and the Law (Springer Singapore 2017) <https://books.google.nl/books?id=aBo0DwAAQBAJ>

^[43]  M Corrales, M Fenwick and N Forgó, New Technology, Big Data and the Law (Springer Singapore 2017) <https://books.google.nl/books?id=aBo0DwAAQBAJ>

^[44] M Corrales, M Fenwick and N Forgó, New Technology, Big Data and the Law (Springer Singapore 2017) <https://books.google.nl/books?id=aBo0DwAAQBAJ>

^[45] Ugo Pagallo, ‘The Legal Challenges of Big Data’: (2017) 3 European Data Protection Law Review 36.

^[46] Dr. Fatma Mohammed Abdullah, Privacy, Security and Legal Challenges in Big Data, International Journal of Civil Engineering and Technology (IJCIET) 9(13), 2018, pp. 1682–1690.

^[47] https://techgdpr.com/blog/impact-of-gdpr-on-big-data/

^[48] https://techgdpr.com/blog/impact-of-gdpr-on-big-data/

^[49] https://techgdpr.com/blog/impact-of-gdpr-on-big-data/

^[50] https://techgdpr.com/blog/impact-of-gdpr-on-big-data/

^[51] https://instituteforpr.org/big-data-privacy-and-the-law-how-legal-regulations-may-affect-pr-research/

^[52] https://www.techrepublic.com/article/big-data-six-critical-areas-of-legal-risk/

^[53] https://www.techrepublic.com/article/big-data-six-critical-areas-of-legal-risk/

^[54] https://www.techrepublic.com/article/big-data-six-critical-areas-of-legal-risk/

^[55] https://www.techrepublic.com/article/big-data-six-critical-areas-of-legal-risk/

^[56] https://instituteforpr.org/big-data-privacy-and-the-law-how-legal-regulations-may-affect-pr-research/

^[57] https://instituteforpr.org/big-data-privacy-and-the-law-how-legal-regulations-may-affect-pr-research/

^[58] https://www.compact.nl/en/articles/big-data-analytics-privacy-how-to-resolve-this-paradox/

^[59] Ibid

^[60] https://www.compact.nl/en/articles/big-data-analytics-privacy-how-to-resolve-this-paradox/

^[61] https://www.compact.nl/en/articles/big-data-analytics-privacy-how-to-resolve-this-paradox/

^[62] https://www.compact.nl/en/articles/big-data-analytics-privacy-how-to-resolve-this-paradox/

^[63] https://www.compact.nl/en/articles/big-data-analytics-privacy-how-to-resolve-this-paradox/

^[64] M Corrales, M Fenwick and N Forgó, New Technology, Big Data and the Law (Springer Singapore 2017) <https://books.google.nl/books?id=aBo0DwAAQBAJ>

^[65] M Corrales, M Fenwick and N Forgó, New Technology, Big Data and the Law (Springer Singapore 2017) <https://books.google.nl/books?id=aBo0DwAAQBAJ>