EU watchdog: Data collection can't fly under 'user experience' flag

Big data projects run the risk of breaking EU data protection laws

Improving users' experiences is no justification for using consumer information in big data projects, according to Europe's top data protection officials.

The Article 29 Working Group, which includes the data protection supervisors from the European Union's 27 member states, said that consumers' "specific, explicit consent" is almost always required if companies want to use their information in big data projects.

In an opinion document adopted last week, the group stated that "vague or general purposes" such as "improved user experience", "marketing", "IT security" or "future research" are not, on their own, sufficiently specific enough to gain consent.

The newly published 70-page document (,0,276) sets out the rules that organizations must abide by if they want to use consumer data.

The group, which makes recommendations to the European Commission, defined big data as "gigantic digital datasets held by corporations, governments and other large organizations" that "relies on the increasing ability of technology to support the collection and storage of large amounts of data, but also to analyze, understand and take advantage of the full value of the data."

The argument in favor of big data projects is that they may ultimately lead to better and more informed decisions. The group cites examples such as health care, mobile communications, smart grid, traffic management and fraud detection, where the analysis of big data could have a positive impact. However it warned "consent should be required, for example, for tracking and profiling for purposes of direct marketing, behavioral advertisement, data-brokering, location-based advertising or tracking-based digital market research."

One of the central tenets of the document is the "reasonable expectations of the data subjects" as to the use of their data. So consent given for one process is for that reason alone.

The document also examined the use of public sector information and warned of a possible increase in government surveillance. This could be mitigated by anonymizing data, it said.

On Wednesday, European Digital Agenda Commissioner Neelie Kroes welcomed a decision by the E.U. Council's 'Coreper' committee to endorse a plan to open up public sector data for re-use across Europe. She added that she was confident the European Parliament would also approve the plan in coming weeks.

"Opening up public data means opening up business opportunities, creating jobs and building communities," said Kroes. According to the Commission, wider availability of public data could boost economic activity by tens of billions of euros per year across the E.U.

Once fully implemented into national law, the revision of the 2003 Public Sector Information Directive would make all generally accessible public sector information, such as geographical data, statistics, meteorological data, data from publicly funded research projects and digitized books from libraries, available for re-use at zero or minimal cost.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags regulationsecuritylegislationgovernmentdata protectionprivacy

More about European CommissionEuropean Parliament

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jennifer Baker

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place