Guidelines on Protecting Individuals' Personal Data in a World of Big Data

On 23 January 2017, the Consultative Committee of the Council of Europe´s data protection convention (Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, also known as Convention 108) adopted "Guidelines on the protection of individuals with regard to the processing of personal data in a world of Big Data". These Guidelines were prepared by Prof. Alessandro Mantelero (Politecnico di Torino, Italy) and out of the 50 voting members Denmark, Liechtenstein and Luxembourg abstained whereas Germany and Ireland objected. These Guidelines provide a general framework to policy makers and to organisations processing personal data to apply appropriate policies and measures to make effective the principles and provisions of Convention 108 in the context of Big Data.

Scope

"The purpose of these Guidelines is to contribute to the protection of data subjects regarding the processing of personal data in the Big Data context by spelling out the applicable data protection principles and corresponding practices, with a view to limiting the risks for data subjects’ rights. These risks mainly concern the potential bias of data analysis, the underestimation of the legal, social and ethical implications of the use of Big Data for decision-making processes, and the marginalisation of an effective and informed involvement
by individuals in these processes.

Given the expanding breadth of Big Data in various sector-specific applications, the present Guidelines provide a general guidance, which may be complemented by further guidance and tailored best practices on the protection of individuals within specific fields of application of Big Data (e.g. health sector, financial sector, public sector such as law enforcement). Furthermore, in light of the evolution of technologies and their use, the current text of the Guidelines may be revised in the future as deemed necessary by the Committee of Convention 108.

Nothing in the present Guidelines shall be interpreted as precluding or limiting the provisions of Convention
108 and of the European Convention on Human Rights."

Principles and Guidelines

1. Ethical and socially aware use of data (page 3)
2. Preventive policies and risk-assessment (page 3)
3. Purpose limitation and transparency (page 4)
4. By-design Approach (page 4)
5. Consent (Page 4)
6. Anonymisation (page 5)
7. Role of the human intervention in Big Data-supported decisions (page 5)
8. Open data (page 5)
9. Education (page 6)

(ga)

CoE, "Guidelines on the protection of individuals with regard to the processing of personal data in a world of Big Data", 23 January 2017