Ahead of Data Protection Day on 28 January, the Committee of the Council of Europe´s Data Protection Convention, also known as “Convention 108”, adopted this week Guidelines on Big Data aiming to assist policy makers and organisations processing personal data to place people at the centre the digital economy.
The nature of Big Data may make very challenging the application of traditional principles of personal data protection, such as purpose limitation or data minimisation. The guidelines contain a set of recommendations such as:
- Any Big Data processing of personal data should comply with the requirement of free, specific, informed and unambiguous consent, and the principles of purpose limitation, fairness and transparency.
- Data processors should provide easy and user-friendly technical way for individuals to withdraw their consent.
- Data controllers and processors should assess the likely impact on human rights of Big Data processing, for example, by establishing ethical committees. They should carry out risk assessments, and develop solutions by-design and by-default to mitigate the risks.
- The technical anonymisation of data could be combined with legal or contractual obligations to prevent possible re-identification of the persons concerned.
Alessandra Pierucci, Chairperson of the Committee of “Convention 108” highlighted “the importance of providing guidance on what has become in the past years an exponential source of knowledge, and an exponential source of processing of personal data. This first step of the Committee towards a stronger protection of persons in our big data environment will have to lead to further steps, to follow the fast pace evolution of big data related technologies”.
A Council of Europe delegation is participating today in a session on the Council of Europe’s approach to Big Data at the 10th Edition of the “Computers, Privacy and Data Protection” international conference (CDPC), which is held in Brussels from 25 to 27 January.