The University of Southampton
University of Southampton Institutional Repository

Data analytics and the GDPR: friends or foes? A call for a dynamic approach to data protection law

Data analytics and the GDPR: friends or foes? A call for a dynamic approach to data protection law
Data analytics and the GDPR: friends or foes? A call for a dynamic approach to data protection law
In this paper, we aim to help overcome a perceived paradox (and attendant tensions) between the two objectives of innovation and privacy/data protection, in particular in relation to data scenarios where organisations are open to personal data they control to be reused (internally within their corporate group, or externally via a third party) for innovative purposes. We argue that to do this requires better defining key notions in data protection law, acknowledging the interdependence of data protection requirements or principles, and relying upon ongoing data management processes in order to control complex data environments. These are the pillars of a dynamic approach to data protection law.

We start our demonstration by suggesting that the conceptualisation of data analytics by policy makers has not helped to produce clear guidance for practices going beyond the mere production of statistics. On the contrary, by drawing a distinction between the production of statistics and the rest, this approach has indirectly formed the seedbed for the view that EU data protection law and in particular the GDPR is antithetic to data analytics. We then revisit this critique of EU data protection law to show its limits and build the argument that a more constructive interpretation of the GDPR is possible, this on the basis of a dynamic approach to data protection law. Finally, we unfold the main tenets of such a dynamic approach and ultimately suggest that the GDPR does not undermine the logic of data analytics as a form of ‘data-driven general analysis,’ which implies a re-purposing or secondary processing of data legitimately hold by a data controller over a limited period of time and with no consequences defined prior to the analysis, although consequences could be attached in the future but only once a second impact assessment has been undertaken.
249–276
Hart
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Knight, Alison, Mary
d236af12-ad63-4f55-848b-cb55f179f5f4
Leenes, Ronald
van Brakel, Rosamunde
Gutwirth, Serge
De Hert, Paul
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Knight, Alison, Mary
d236af12-ad63-4f55-848b-cb55f179f5f4
Leenes, Ronald
van Brakel, Rosamunde
Gutwirth, Serge
De Hert, Paul

Stalla-Bourdillon, Sophie and Knight, Alison, Mary (2019) Data analytics and the GDPR: friends or foes? A call for a dynamic approach to data protection law. In, Leenes, Ronald, van Brakel, Rosamunde, Gutwirth, Serge and De Hert, Paul (eds.) Data Protection and Privacy: the Internet of Bodies. Oxford. Hart, 249–276. (doi:10.5040/9781509926237.ch-011).

Record type: Book Section

Abstract

In this paper, we aim to help overcome a perceived paradox (and attendant tensions) between the two objectives of innovation and privacy/data protection, in particular in relation to data scenarios where organisations are open to personal data they control to be reused (internally within their corporate group, or externally via a third party) for innovative purposes. We argue that to do this requires better defining key notions in data protection law, acknowledging the interdependence of data protection requirements or principles, and relying upon ongoing data management processes in order to control complex data environments. These are the pillars of a dynamic approach to data protection law.

We start our demonstration by suggesting that the conceptualisation of data analytics by policy makers has not helped to produce clear guidance for practices going beyond the mere production of statistics. On the contrary, by drawing a distinction between the production of statistics and the rest, this approach has indirectly formed the seedbed for the view that EU data protection law and in particular the GDPR is antithetic to data analytics. We then revisit this critique of EU data protection law to show its limits and build the argument that a more constructive interpretation of the GDPR is possible, this on the basis of a dynamic approach to data protection law. Finally, we unfold the main tenets of such a dynamic approach and ultimately suggest that the GDPR does not undermine the logic of data analytics as a form of ‘data-driven general analysis,’ which implies a re-purposing or secondary processing of data legitimately hold by a data controller over a limited period of time and with no consequences defined prior to the analysis, although consequences could be attached in the future but only once a second impact assessment has been undertaken.

Full text not available from this repository.

More information

Accepted/In Press date: 2018
Published date: 15 January 2019

Identifiers

Local EPrints ID: 424402
URI: http://eprints.soton.ac.uk/id/eprint/424402
PURE UUID: cb3116c3-8532-4ff3-9ca8-c1f81df12ea9

Catalogue record

Date deposited: 05 Oct 2018 11:36
Last modified: 06 Aug 2020 16:32

Export record

Altmetrics

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×