Report. The EU ENISA office concludes in the report Privacy By Design in Big Data from December 2015 that there is a need to create common privacy-by-design criteria, to promote privacy-enhancing-technologies and for common policy enforcement. According to ENISA there is no big data without privacy: It is of no use to talk of a clash between big data and privacy, because without privacy big data will fail, the report states.
Here are the main conclusions. We need:
- Common PbD criteria. Data Protection Authorities, data controllers and the big data analytics industry need to define how privacy by design can be practically implemented and demonstrated, including relevant support processes and tools.
- Common policy enforcement. The research community and the big data analytics industry need to explore the area of policy definition and to embody relevant mechanisms for automated enforcement of privacy requirements and preferences.
- To Promote PET. There are already numerous privacy enhancing tools (PET) for online and mobile protection, such as anti-tracking, encryption, secure file sharing and secure communication tools.
The research community needs to adequately address aspects related to the reliability and usability of online PETs. The role of the Data Protection Authorities is central in user awareness and promotion of privacy preserving processes and tools.
- Actual transparency & Control. The big data analytics industry and the data controllers need to work on new transparency and control measures, putting the individuals in charge of the processing of their data. Data Protection Authorities need to support these efforts, encouraging the implementation of practical use cases.
The report goes into details about anonymization and encryption methods applicable when working with big data and comes around PIMs (Personal Information Management systems) or PDS (Personal Data Stores) such as Mydex, which enables individuals to gather, store, update, correct, analyse, and/or share personal data.