Big Data is an enormous phenomenon in the world. Many companies from various industries are benefiting from analysis of massive volumes of data from a vast variety of sources. According to a new report from Forester, the Big Data market is growing at almost 13 percent rate. Market research firm IDC forecasts that revenue from the sales of big data and business analytics tools, services, and applications will reach $187 billion in 2019. As the world of Big Data changes dramatically right before our eyes, it is important to know the laws and policies we should follow in Big Data analysis.
Globally, there are no specific laws and policies that regulate Big Data analysis. Each country has its own data protection laws and policies that ensure data analysis is carried out responsibly. For instance, in the UK, The UK Data Protection Act controls how people’s personal data is used by the government, business or organizations. In the US, there is a patchwork system of states and federal laws that regulate data analysis. Although we do not have a common international laws and policies governing Big Data analysis, there are some general provisions of existing laws and longstanding notions of fair information practices that need to be followed in Big Data analysis.
Almost all data protection laws and policies are based on consent concepts. In many countries, notice and consent are necessary to fair information practices. Principles of fair information practices require that organizations and individuals inform people about the collection of their information and how it will be used. For instance, The European Directive requires controllers of data to establish a legal basis for data analysis and provide for assent as a mechanism by which businesses meet that requirement. Therefore, organizations and individuals involved in Big Data analysis should obtain consent unless they are processing so large data sets that getting consent may not be practicable.
- Legitimate business purpose
Organizations and individuals involved in Big Data analysis should establish what is called a “legitimate business purpose.” This means that Data analysis should be used for all purposes except where data uses are overridden by fundamental freedoms and rights of data subjects.
- Purpose Specifications
Some Laws and Policies require data analysts to specify the purpose data will be used. Since Big Data may sometimes serve a purpose that can only be revealed through the knowledge discovery stage of analytics, Big Data analysts should articulate the purpose broadly. According to EU Directive 94/46/EC, data collected should be used only for specified purpose(s) and for no other purposes.
- Data Minimisation
Many national laws and policies require that organizations should limit the collection of personal data to what is necessary and directly relevant to accomplish a stated purpose and retain such data only for as long as Is important to fulfill that purpose. For instance, both Directive 95/46/EC and Regulation EC (No) 45/2001 provide that personal information should be collected for specified purposes and must be adequate and not excessive in relation to the intentions for which they are collected or/and further processed.
To avoid getting into problems, organizations should establish Big Data policies to ensure the legal obligations are met. The policy should consider the personal data needs of an individual organization as well as the way it processes this data.