Many challenges that arise with Big Data could be solved with legislation. It is of critical importance to protect freedoms of individuals in society, and Big Data puts people’s right to privacy at risk. However it can be argued if there were more regulation on Big Data it would hinder not only innovation but the economy as well. 22 There are two proposals for Big Data to improve: (i) more regulation and (ii) less regulation. ‣More regulation The Information Commissioner’s Office recently issued a new data protection code of practice; it advises how to protect the privacy rights of individuals while dealing with large and rich databases. It is concerned with the increased use of databases, especially databases containing the public’s information. There is a high risk of breaching one’s privacy. The code is within the legal structure of the Data Protection Act 1998. There has been an increase of Big Data use in the public sector. The governments of several countries use it for national security issues and healthcare. However in the UK Margaret Hodge has described the government’s use of it as ‘deeply frustrating’.23 It was said that the Government could make £33 billion of savings by using it more efficiently. This introduction of the code suggests that there is a pressing need and a wanting for more regulation to protect an individual’s privacy. In the private sector there was a case where an Austrian law student made a complaint, after finding how much personal data Facebook stores. The information he found included IP addresses of the machines used to get to the website and information of other uses on the same machine including their location. Facebook changed its facial tagging system following the report of the Irish Data Protection Commission, which is responsible for European Facebook users. This supports the argument that we need more regulation to keep social networking sites, such as Facebook, in check to prevent breach of an individual’s privacy. The Data Protection Act 1998 describes the UK Law on the processing of data of persons. It was enacted to incorporate the EU data protection directive of 1995 into UK law. This requires Member States to protect individuals’ rights and freedoms including their right to privacy when processing data. This act was enacted in 1998 and needs to be amended and updated to keep up with the growing and changing technological industry of today. One key idea that must be adopted is privacy. In the act privacy is not mentioned and this questions the intention of the act as it is supposed to protect private or personal data when there is a risk of breach. In addition, it needs to address the technological industry we have today and how this may impact upon individuals’ privacy in society, how the keeping of social network sites which have major roles in many lives today, store data. This therefore highlights the fact that there needs to be not only there be more discussions and; policy making adapt to the world today but also an amendment of the current data protection law which is clearly out of date. ‣ Less regulation The argument for more regulation to protect individuals’ privacy rights can be questioned. This is because there is already the Data Protection Act 1998, which covers personal data (s2, s7) and the Act gives rights to people who have stored their data and responsibilities to those who store it. There are eight principles that ensure that personal data is respected in accordance with privacy rights (Schedule 1 of the Act). There are also consequences for failing to protect an individual’s right to privacy under s21, s55 and s56 of the Act. Therefore it may be needless for more legislation on data privacy if there is legislation that governs the majority of areas of data privacy. In addition to this, there is legislation at the European level under the EU Data Directive of 1995 that protects and supports UK legislation on data privacy. In the case of Gaskin v UK, the applicant’s mother had died and was taken into care of which the council made records. 24 The applicant asked 22 http://www.out-law.com/en/articles/2012/november/eu-countries-should-adopt-uks-business-friendly-approach-to-
big-data-and-anonymisation-says-expert/ 23 http://www.guardian.co.uk/news/datablog/2012/nov/21/anonymised-data-protection-code-freedom-of-information 24
Gaskin v UK (1989) 12 EHRR 36 The Spectrum | edition 03 16