Catálogo de publicaciones - libros

Big data is closely linked to the new, old question of data quality. Whoever pursues a new research perspective such as big data and wants to zero out irrelevant data is confronted with questions of data quality. Therefore, the European General Data Protection Regulation (GDPR) requires data processors to meet data quality standards; in case of non-compliance, severe penalties can be imposed. But what does data quality actually mean? And how does the quality requirement fit into the dogmatic systems of civil and data protection law?

M2M-communication will play an increasing role in everyday life. The classic understanding of the term “declaration of intent” might need reform. In this regard, the legal construct of an electronic person might be useful. The use of autonomous systems involves several liability issues. The idea of “defects” that is laid down in the product liability law is of vital importance regarding these issues. To solve legal problems in the field of big data the main function of law as an element of controlling, organizing, and shaping needs to be kept in mind.

For the first time, the General Data Protection Regulation (GDPR) will explicitly codify a right to be forgotten. This right will be laid down in Article 17. Yet, it more likely resembles a right to erasure. Furthermore, the member states are free to impose restrictions. A right to erasure already exists in the current German data protection law. To decide whether a claim for deletion must be admitted or not, various rights have to be weighed. On one hand, there must be considered the protection of personal data, the respect for the private life, and human dignity; on the other hand, the entrepreneurial freedom, the right to freedom of expression, the freedom of information, and the freedom of press have to be taken in consideration. Various criteria that are partly determined by the European Court of Justice help to weigh the different interests.

The planned General Data Protection Regulation (GDPR) will fundamentally reform the data protection law in Europe. In Germany, the GDPR is going to replace the current Federal Data Protection Act (Bundesdatenschutzgesetz) and will be directly applied by the authorities and courts. The GDPR has been negotiated since 2012 by the European Commission, Council and Parliament. It will enter into force in May 2018. The different levels of data protection within the EU are supposed to be standardized. There will be some areas, however, in which the member states will be authorized to enact own laws (e.g. regarding employee data protection). This paves the way for the further development of big data. The GDPR will—as far as foreseeable—loosen the screws on some relevant focal points of the data protection law, such as the principle of purpose limitation. However, this will not go as far as critics have feared. The German data protection level will be slightly lowered, while the European level will be raised on average. This will also have a positive impact on German actors at times of cloud computing and cross-border data processing.

Currently, the transfer of personal data to the USA raises several problems, since the Safe Harbor agreement between the European Commission and the US is no longer in effect. By now, companies can use the subsequent agreement called Privacy Shield. In the future, contractual arrangements are expected to become increasingly relevant. Whether this is a realistic long-term solution depends on the implementation of the ECJ’s guidelines.

Internet devices and digital resources such as MOOCs or social networking services (SNS) have become an essential element of learning environments that provide a wide variety of data. Using educational data mining (EDM) and learning analytics (LA), we can gain detailed insights into students’ learning behavior. Predictive analytics enable adaptive learning, databased benchmarking and other novelties. However, in Europe big data and education are not big topics yet; whereas, in the US the discussion about both the potentials and risks of linking and analyzing educational data is gaining momentum. Problems arise from the use of educational apps, classroom management systems and online services that are largely unregulated so far. That is particularly alarming with regard to data protection, IT security, and privacy. Last but not least, the analysis of personal educational data raises ethical and economical questions.

Old industry versus new industry: massive power struggles are expected within the automotive industry. Data sovereignty in the cockpit will bring substantial benefits in the future. With the assistance of cutting-edge IT, a variety of data will and already can be collected, processed and used in modern vehicles. Various parties pursue a keen interest in accessing a wide range of data sets in modern vehicles. For the legal classification of data the issue of personal reference, according to the Federal Data Protection Act (BDSG), plays a decisive role. This data may only be collected and processed within narrow limits. Fundamental questions must be discussed: To whom are the data legally assigned to? Who has the rights of disposal? And to whom do they “belong”? Autonomous driving is no longer just a dream of the future. Apart from the issues involving liability, ethical issues, in particular, need to be discussed. Concepts like “Privacy by Design” and “Privacy by Default” may be potential solutions. Data protection needs to be positioned on the same level as traffic safety and environmental protection. In this respect, the German automotive industry can assume a leading role.

Scoring is an assessment procedure, especially for the purpose of credit assessment. Big data did not “create” that kind of procedure but influences the calculation of probability forecasts by opening up additional data sources and by providing enhanced possibilities of analyzing data. Scoring is negatively connoted. While being connected to risks, it opens up opportunities for companies as well as for the data subject. Since 2009, scoring is regulated by the German Federal Data Protection act, which entitles the data subject to get information free of charge once a year. Currently, a draft amendment concerning scoring is discussed in Parliament.

Web tracking enables recording and analysis of user behavior and comes along in various manifestations. The use of cookies and social-plugins on websites, for instance, allows identifying how often a user visits a concrete website and which content he or she is interested in. Through this, companies “decode” the user behind its data and are able to provide targeted advertising. Even though web tracking may not be prevented entirely, different possibilities do exist to limit user analysis.

Wearables are body-attached computers, such as fitness wristbands, intelligent glasses, or even smart clothes. Approximately 14% of Germans use wearables—particularly to track their personal activity and fitness or to optimize their lives. Related terms are “Quantified Self” and “lifelogging”. Not only users, but also manufacturers, service providers, and insurance companies are interested in data collected by wearables. It enables corporate actors to offer individualized insurance tariffs or personalized health services. Important questions do not only relate to data protection and aspects of IT-security, but also to data quality, liability and data portability. However, many users blank out problematic issues of data protection and IT-security—or apply specific strategies of legitimation. For some users, permanent self-tracking is a source of motivation while others feel restricted, overwhelmed, or pressured by it.