DevoxxFR 2024 Reproducible Builds with Apache Maven
Legal Issues in Big Data
1. BYTE:
Big data roadmap and cross-disciplinary community for
addressing societal externalities
Legal Issues in Big Data
Hans Lammerant – VUB
@BYTE_EU www.byte-project.eu
2. Overview
• Intellectual Property Rights
• Contract law and licensing
• Privacy and Data Protection
• Due Process
• Liability
• Jurisdictional Problems
@BYTE_EU www.byte-project.eu
3. Intellectual Property Rights
Relevant forms of IPR:
• Copyright on data
• Copyright on database
• Sui generis database
Issues:
• high transaction costs due to rights clearing
• is IPR too restrictive due to overprotection?
• outdated system of exemptions
@BYTE_EU www.byte-project.eu
4. Contract law and licensing
IPR is default framework → deviation is possible through contracts
Licenses as authorisations ↔ licenses as contracts
Issues:
• Fragmentation of contract law over jurisdictions → legal interoperability
• Enforceability of 'clickwrap'-licenses
@BYTE_EU www.byte-project.eu
5. Privacy and Data Protection
Issues:
• Definitions of personal data, anonymous and pseudonymous data
• Data protection principles (e.g. purpose limitation, data minimization)
• Consent
• Implementation rights of data subjects: transparency, access and rectification
General discussion: is data protection framework still compatible with big data or do we need a
new, risk-based approach
@BYTE_EU www.byte-project.eu
6. Due Process
• Decision making based on big data → can people contest decisions or their grounds?
• Certain decisions are not allowed: e.g. non-discrimination legislation → How to check?
• Procedural safeguards: transparency is key element, not just of personal data but also of logic.
This logic must be open for auditing and testing.
• Implementation: from consent-based model to protection by supervisory authorities?
@BYTE_EU www.byte-project.eu
7. Liability
• Data protection in directive 95/46: data controller ↔ data processor => implies that data
processor knows he is dealing with personal data
• e-commerce: limited liability for internet intermediaries / e-privacy → black box-approach:
intermediary is considered not to know what he transfer or stores, and has no liability for
content except when he knows.
Cloud computing: technical convergence and reordering of services blurs border between these
models → where do we shift?
@BYTE_EU www.byte-project.eu
8. Jurisdictional Problems
Large-scale combining of data sources + technical convergence of services: a wide range of
jurisdictions can become involved
'Light' application mechanisms → nothing escapes, but inflation of applicable laws
Main solution: harmonisation
@BYTE_EU www.byte-project.eu