Over the past few years big data analytics have forcefully entered the mainstream. Admittedly, mod- ern life would be inconceivable without the services afforded by this type of processing in the field of electronic communications. At the same time public administrations are increasingly discovering the benefits of big data analytics afforded to them by telecommunications operators. Nevertheless, despite public attention and high volumes of expert analyses, the majority of approaches on the challenges to personal data protection by this type of data processing remains theoretical; Tellingly, the EDPS speaks of the “black box” of big data analytics. However, the authors were able to open, and stare into, the “black box” of big data analytics in the electronic communications field in 2017 and 2018 in the context of GDPR compliance assessments. Their analysis first attempts to set the legal scene today, answering two crucial questions on scope and applicable law, before presenting a typology for a scalable and granular approach that the authors feel is necessary but nevertheless is missing from the text of the draft ePrivacy Regulation. The authors therefore conclude that processing requirements and particularities, as evidenced under the big data analytics paradigm, make necessary a much more detailed approach than the one afforded by the draft ePrivacy Regulation today. Until these needs are met, through the introduction of a new, fundamentally amended text, the authors suggest that the current regulatory framework and the mechanisms afforded by it be extended for an interim period, so as to afford legislators with the necessary space and time to revise their work.
Read full abstract