25.08.2014“Big Data“ – Which Legal Restrictions Exist for the Use of Big Data?
Big Data" summarizes the growing significance of data as a factor in value creation. Even incidentally generated data offer a high potential for optimizing business and to improve products and services or for customer-oriented marketing purposes. However, a number of legal restrictions is to be observed when making use of big data.
Every company generates, collects and stores a large amount of data every day. These data collections offer a high potential for optimizing business by using it in a structured and legally compliant manner to improve products and services or for customer-oriented marketing purposes.
Admittedly information which is relevant to the business and products has been used and evaluated for a long time already, yet companies face a rapid growth in the amount of data. This is particularly due to the increasing use of different technologies such as sensor technology, M2M, RFID, Ambient Intelligence or smartphones as well as the ever growing use of social media. Pursuant to information from the Federal Association for Information Technology, Telecommunications and New Media (Bundesverband für Informationswirtschaft, Telekommunikation und neue Medien e.V. –"BITKOM e.V.") the global volume of data will be more than 100 zettabytes in 2020.
The term "Big Data" and/or "Big Data Analytics" has recently become connected with the corporate challenge of an economically sensible and structured use of this constantly growing volume of data. "Big Data" is understood to mean the fast analysis of large amounts of data from various sources in order to make economic use thereof. Big Data covers strategies, methods, technologies, IT architecture and tools which help to structure the use of large amounts of data.
"Big Data" or "Big Data Analytics" is therefore certainly not a new science but the term "Big Data" summarizes the growing significance of data as a factor in value creation. Big Data is sometimes even called the "oil of the future".
You will find below a short – not conclusive – overview of the legal restrictions and problems when dealing with Big Data:
Big Data v. Data Protection Law
The collection, processing and use of data collections including personal data is primarily subject to data protection restrictions. Under the terms of the legal definition in § 3 Subsection 1 of the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) personal data is "individual information about personal and factual relationships of a defined or definable natural person". This definition covers names, contact data, photos, movement data and biometric data of individual persons, for example.
Pursuant to the principle of data protection law it is prohibited to collect, process and use personal data unless there is statutory permission or individual consent (so-called "prohibition with the reservation of permission"). Furthermore the principle of data minimization under the data protection law must also be observed where no more personal data may be collected, processed and used than is absolutely necessary.
It is extremely important against this background to check before implementing Big Data applications which type of data is being collected. If personal data is not being collected, processed or used, which is often the case when ERP systems are only used for purposes of managing materials or controlling production, for example, German data protection laws do generally not apply.
However, particularly the use of certain customer information from the area of "behavioral tracking", poses greater legal risks due to the use of personal data which is often undetected at first glance. It should be noted that it is sufficient for the existence of personal data that a personal reference can be created under certain circumstances by certain data or by accumulating various data sets. The evaluation of initially anonymous customer behavior at the point of sale is harmless as long as the anonymous customer behavior cannot be and/or is not personalized by combining it with other stored customer information. However, if the risks under data protection law are already recognized in advance, there is the possibility to use personal data directly by organizing the use of Big Data in a manner which conforms to the law or by clearly wording conditions of use and declarations of consent.
Big Data v. Competition Law
The use of customer data for advertising purposes is always an obvious marketing measure for companies, but the respective advertising measure must be organized to conform with the law. Telephone advertising towards consumers, for example, is always seen as unreasonable harassment in the sense of § 7 Subsection 2 No. 2 German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb – UWG) if the respective consumer has not explicitly consented thereto in advance. It should also be noted with respect to e-mail advertising that:
- The advertising entrepreneur saved the customer data within a business relationship;
- The entrepreneur uses the customer data for its own advertising purposes;
- The customer has not objected to the use of the data; and
- The customer is informed when the data is collected and whenever it is used that he/she can object to the use of the data at any time.
If it is intended to use customer data for marketing purposes, it must be clarified when the data is collected in what form the customer data will be used and which advertising media will be implemented. Depending on the intended form of advertising the customer must therefore give his/her consent in advance by means of an opt-in process to a broad use of his/her data for telephone advertising, for example. However, it is only necessary to use an opt-out process conforming to the law for a planned e-mail campaign.
Big Data v. Copyright Law
Copyright restrictions could also be significant for the content of Big Data. Rights which are derived from databases (§ 4 German Copyright Act (Urheberrechtsgesetz - UrhG)) and databanks (§ 87 a et seq. UrhG), for example, could exist depending on where the respective data comes from. Caution is recommended in this context particularly if external sources, such as social media applications, are used to collect the data.
Risk of Legal Infringements
Material sanctions can be imposed if Big Data applications infringe provisions under data protection law. The most serious include fines of up to EURO 300,000.00 and damage to a company's reputation. Furthermore infringements of the provisions of copyright and unfair competition law often lead to warnings from competitors and consumer protection organizations usually requesting that the action infringing the law be ceased and that legal costs be reimbursed at the very least.
Since possible legal infringements due to the use of Big Data applications can generally be avoided by careful organization of processes, we recommend extensive legal analysis already in the early stages when a Big Data strategy is being developed.
Contact
