Ready for takeoff?

Legal challenges

Why personal data issues might force an emergency landing

  • Share

In addition to the strategic challenges, there are several legal challenges when working with big data, which can vary by country or region. You should address the legal issues around big data and analytics at the same time as the strategic issues. Any data strategy that fails to consider the legal issues will leave your business vulnerable to regulatory and reputational damage.

The most important legal area is data protection — particularly of personal data. This will be the source of most legal and ethical challenges.

  1. The increasing significance of personal data. The protection of personal data is a central concern for consumers. So compliance with regulations on personal data protection is not only a way to adhere to the law, but also an effective way to convey your ethical and social commitment.
  2. The need to define and manage personal data carefully. Big data and cloud computing can increase the risks raised by various key questions on how data is managed and defined. For example, what is the nature of the data the organization holds, where is personal data stored, how is personal data secured, do individuals still have control over their data, how can they prevent the processing of their data, and how can individuals recover their data?
  3. The volume of data. Businesses that do not keep track of what data they hold, or keep checks on the accuracy, cannot guarantee they are complying with the law. The high volume of data held also makes it increasingly difficult for organizations to anonymize personal data to meet regulatory requirements.
  4. The changing legislative environment. Legislators and regulators in many marketplaces are scrambling to keep up with organizations’ efforts to exploit the value of their data.
    The European Commission is moving toward implementation of a data protection regulation that will ensure common standards across all member states of the EU, and apply to any organization that operates with personal data inside the bloc.
  5. The need to protect the company’s own data. As the threat of cyber attack grows, companies’ own data may be vulnerable, leaving them open to legal and reputational risk. And while data and analytics sit at the heart of businesses’ digital innovation, the legal instruments available to protect and enhance data currently seem too limited given its rapidly increasing value.
  6. The possibility of a big data backlash. Consumers are becoming more and more selective and careful about who they share their data with. Many are never happy for companies to share their personal information.
    This might indicate that companies will have to offer an incentive for data sharing, and to consider seriously how they are gathering, and using, big data.

The US and Europe: two different approaches to data protection

The US and Europe have radically different definitions of concepts such as “protection of privacy” and “personal data.” The EU operates under a single regulatory regime. In the US, federal laws sit alongside the laws of each of the 50 states, with numerous laws to protect data.

There is also a philosophical difference. While privacy law in the US aims to achieve a balance between privacy and effective business, the EU sees respect of privacy as a citizen’s fundamental right.

One crucial difference is the emphasis placed by US legislation on the protection of data security — especially the obligation to declare breaches of security. In Europe, no such obligation currently exists, though the commission proposes to introduce something similar in its forthcoming overhaul of EU data privacy legislation.