Big Data and security policies: Towards a framework for regulating the phases of analytics and use of Big Data

Abstract

Big Data analytics in national security, law enforcement and the fight against fraud have the potential to reap great benefits for states, citizens and society but require extra safeguards to protect citizens' fundamental rights. This involves a crucial shift in emphasis from regulating Big Data collection to regulating the phases of analysis and use. In order to benefit from the use of Big Data analytics in the field of security, a framework has to be developed that adds new layers of protection for fundamental rights and safeguards against erroneous and malicious use. Additional regulation is needed at the levels of analysis and use, and the oversight regime is in need of strengthening. At the level of analysis – the algorithmic heart of Big Data processes – a duty of care should be introduced that is part of an internal audit and external review procedure. Big Data projects should also be subject to a sunset clause. At the level of use, profiles and (semi-) automated decision-making should be regulated more tightly. Moreover, the responsibility of the data processing party for accuracy of analysis – and decisions taken on its basis – should be anchored in legislation. The general and security-specific oversight functions should be strengthened in terms of technological expertise, access and resources. The possibilities for judicial review should be expanded to stimulate the development of case law.