Warning for big data over EU Data Protection Directive

DLA Piper's Andrew Dyson highlights potential impact of EU Data Protection Directive on companies' big data plans

The forthcoming EU Data Protection Directive will drastically ratchet up the regulation of private data throughout Europe, with laws more tightly harmonised across the continent and even the possibility that they might be applied on an extra-territorial basis.

The proposed Directive will also have an impact along the supply-chain. In the process, the "data minimisation principle" will effectively rule out the use of big-data analytics by organisations operating in the European Union, while fines of up to €100m or five per cent of global turnover will also add sharp teeth to the regulations.

That is the warning of Andrew Dyson, a partner at law firm DLA Piper and a specialist in data protection law, speaking at Computing's IT Leaders' Summit in London today.

The last EU Data Protection Directive dates back almost 20 years, to 1995, said Dyson, when the internet was still largely dial-up, pre-dating the popularity of social media and the development of cloud computing and big data analytics.

The new Directive will inaugurate "active information governance", in which privacy is expected to be built into corporate processes by design, organisations will be expected to appoint "data protection officers" and individuals will be given greater rights. These include the right to withdraw consent to having private data used by organisations and the right to object to the way in which private data might be used.

This could have a big impact on the nascent big data industry, which has grown up around the use and mining of disparate data sets, especially relating to personal data. And the so-called "right to be forgotten" will also extend beyond Google and other search engines.

However, Dyson welcomed the pan-EU harmonisation that a new Directive ought to bring. "Although the principles are set at a European level, at the moment, it is implemented in each European state in very different ways. That means there are variations between different European countries," said Dyson. For organisations operating in different EU countries, rolling out systems on a regional basis, that can cause complications.