The Regulation of Personal and Non-Personal Data in the Context of Big Data

Abstract

Data protection laws provide minimum protections for personal data, as well as facilitate the free flow of such data, by setting out principles and rules for legitimate data processing. In the big data context, personal data may not be as easy to distinguish as in traditional data processing, and that makes policy-makers and businesses turn to the identifiability concept: in other words, what data are personal. This research is based on doctrinal legal researchon the legal theory (concepts, rules, and principles) concerning data protection in the EU and Indonesia. The results of the research show that the understand such paramount terminology in data protection law, relevant factors are presented to assess the direct or indirect identification of a natural person. In the EU data protection law, the test entails, for example, risk-based measures and technological development, whereas Indonesian law on data protection has not yet established such assessments. Data within big data operations traditionally falls under the scope of data protection laws only if it discloses the private life of individuals, such as names or other civil identities, but without further conditions to ascertain whether the data can be indirectly identified with an individual.