EU watchdog: Data collection can't fly under 'user experience' flag

Big data projects run the risk of breaking EU data protection laws

Improving users' experiences is no justification for using consumer information in big data projects, according to Europe's top data protection officials.

The Article 29 Working Group, which includes the data protection supervisors from the European Union's 27 member states, said that consumers' "specific, explicit consent" is almost always required if companies want to use their information in big data projects.

In an opinion document adopted last week, the group stated that "vague or general purposes" such as "improved user experience", "marketing", "IT security" or "future research" are not, on their own, sufficiently specific enough to gain consent.

The newly published 70-page document (http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf#page=8&zoom=auto,0,276) sets out the rules that organizations must abide by if they want to use consumer data.

The group, which makes recommendations to the European Commission, defined big data as "gigantic digital datasets held by corporations, governments and other large organizations" that "relies on the increasing ability of technology to support the collection and storage of large amounts of data, but also to analyze, understand and take advantage of the full value of the data."

The argument in favor of big data projects is that they may ultimately lead to better and more informed decisions. The group cites examples such as health care, mobile communications, smart grid, traffic management and fraud detection, where the analysis of big data could have a positive impact. However it warned "consent should be required, for example, for tracking and profiling for purposes of direct marketing, behavioral advertisement, data-brokering, location-based advertising or tracking-based digital market research."

One of the central tenets of the document is the "reasonable expectations of the data subjects" as to the use of their data. So consent given for one process is for that reason alone.

The document also examined the use of public sector information and warned of a possible increase in government surveillance. This could be mitigated by anonymizing data, it said.

On Wednesday, European Digital Agenda Commissioner Neelie Kroes welcomed a decision by the E.U. Council's 'Coreper' committee to endorse a plan to open up public sector data for re-use across Europe. She added that she was confident the European Parliament would also approve the plan in coming weeks.

"Opening up public data means opening up business opportunities, creating jobs and building communities," said Kroes. According to the Commission, wider availability of public data could boost economic activity by tens of billions of euros per year across the E.U.

Once fully implemented into national law, the revision of the 2003 Public Sector Information Directive would make all generally accessible public sector information, such as geographical data, statistics, meteorological data, data from publicly funded research projects and digitized books from libraries, available for re-use at zero or minimal cost.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies