The Challenge of 'Big Data' for Data Protection

Privacy and Security, Cloud Computing and Networks, the Internet, and Cloud Computing

Article Snapshot


Fred H. Cate, Christopher Kuner, Christopher Millard and Dan Jerker B. Svantesson


International Data Privacy Law, Vol. 2, No. 2, pp. 47-49, 2012


Massive amounts of data are stored and processed, and the amount is growing. Processing the data will enable many new discoveries. Data protection law is lagging behind big data. Key issues include limiting the use of data and the role of government as regulator and data collector.

Policy Relevance

Harmonization of data protection law across borders is important. Focus on consumer consent will not solve many looming data protection problems.

Main Points

  • The amount of global digital data was 1,227 exabytes in 2010, and is expected to 7,910 exabytes by 2015; an exabyte is a quintillion bytes.
    • The data includes data from trillions of transactions like credit card sales, and metadata about those transactions, that is, data about when and where the exchange took place.
    • More and more often, the data is stored in the cloud, not locally.
  • In Europe, data protection regulation is focused on notice to consumers, and on the consumer’s choice, but consumers rarely read privacy policies. Should regulation focus on other principles?
  • Policymakers should consider if there be across-the-board limits on the use of lawfully obtained data that apply even to law enforcement activities.
  • Another key question is whether private firm or public authorities violate data protection rights just by looking at data, or if they must act on the data.
  • Trillions of transactions that occur every day, making it hard for regulators to enforce even basic data protection rights and obligations.
  • Governments use and collect massive amounts of data, and have ambitious plans for new surveillance based on monitoring of social networking sites.
  • As data flows freely across borders, the concept of national sovereignty becomes less relevant to data protection. Focus on the physical location of data can be unhelpful.


Get The Article

Find the full article online

Search for Full Article