Huge amounts of data, including personal data, are currently being created. If we are to believe IBM, 90% of the existent data today was created in the last two years. Big data presents extremely interesting opportunities for research. But is big data, which is characterized by volume, variety and velocity, reconcilable with data protection laws?
Law and order
In a big data context, is true anonymization still possible?
Everything’s connected
The Internet of Things is another hot topic. As with all new technologies, it has a lot of benefits, but it also bears important risks. Waem comments: “The main risk is security. Manufacturers should really think about the safety of smart devices as of their conception. A driverless car could be hacked, or photos from your sleeping baby — taken by your hi-tech baby monitoring device — could appear on the internet.”
In the globalized world of today, companies are transferring their data everywhere, often without knowing where the data will eventually end up.
Worldwide dataflow
Data is flowing everywhere. It is stored in the cloud, but where are the servers and systems? This can be a problem, as there are strict rules for transferring data outside of the European Economic Area. In principle, personal data cannot be transferred outside of the EEA. However, there are certain mechanisms for legitimizing transfers outside of the EEA, such as EU model clauses. Previously, transfers to the US could also take place under the Safe Harbor program. But, since the Schrems decision of the European Court of Justice, it is no longer possible to rely on Safe Harbor. “Transferring data is a complicated matter,” Waem says. “In the globalized world of today, companies are transferring their data everywhere, often without knowing where the data will eventually end up.” Under the new Regulation, the mechanisms for transferring data remain the same. Furthermore, the European Commission is working, together with the US, on a so-called Privacy Shield for data transfers to the US.
The potential of big data is huge; it might contain the key to easy diagnosing rare diseases and even finding cures for diseases which are difficult to treat. But at this stage, development based on big data is hampered due to unsuited data protection laws. “Concerted actions are necessary to provide a framework that protects personal data without hampering innovation based on big data,” concludes Waem. It will be a challenge to gather all the involved parties and to make them look in the same direction.
This article is a report of the keynote presentation by Heidi Waem, Senior Associate, NautaDutilh, on the Janssen – FlandersBio Partnerday, March 3, 2016