Lexicon > Big data

IT Lexicon

Big data

Big data is a concept characterized by extremely large sets of diverse data, structured and unstructured, particularly relating to consumer behavior, publications on social networks or even geolocation.

The amount of Big Data is so large that new technologies are needed to store it and extract value from it.

Big data has five main characteristics, known as the 5Vs: Volume, Velocity, Variety, Value and Veracity.

  • Volume refers to the amount of data;
  • Velocity refers to the time it takes to create new data and transmit it;
  • Variety refers to the diversity of the data, structured or unstructured;
  • Value refers to both the cost of processing the data and the wealth created by its processing;
  • Veracity refers to the relevance, accuracy and objectivity of the data.

Big data raises important issues due to the processing of personal data, which is governed by the GDPR and the French Data Protection Act.

Indeed, if Big Data promotes the collection and massive storage of data, the regulations require that only the personal data strictly necessary for the purpose of the processing must be processed by the data controller.

Moreover, the notion of Volume may not be adapted to the notion of limitation of the duration of storage of personal data which requires the data controller to delete the data as soon as the purpose of the processing for which they are processed is achieved.

Finally, the processing of personal data is only possible if the data controller has a valid legal basis, which can thus constitute an obstacle to Big Data in favor of the protection of the rights and freedoms of the data subject.

GDPR Point

Processing shall be lawful only if and to the extent that at least one of the following applies:

    1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
    2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    3. processing is necessary for compliance with a legal obligation to which the controller is subject;
    4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
    5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

Article 6, paragraph 1 of the GDPR

Point of jurisprudence

The Spanish supervisory authority recalls that “in cases of profiling and automated decision-making, interested parties or consumers must have access to their profile to ensure transparency, as well as to the logic of the decision-making process (algorithm) that gave rise to the decision.

In other words, organizations must disclose their decision-making criteria. This is a fundamental guarantee and is particularly important in the world of Big Data “.

Agencia Española de Protección de Datos, January 13, 2021, N° PS-00477-2019

The Bouchara Law firm assists you in particular in :

  • Making your organization GDPR compliant;
  • The drafting of data protection policies (privacy policy, computer charter …);
  • Documentation of your processing (register of processing activities, register of violations, privacy impact analysis, prior consultation…);
  • Obtaining certifications and adhering to codes of conduct;
  • The study of the legal feasibility of the implementation of a new personal data processing;
  • The drafting and transmission of your codes of conduct to the CNIL for approval;
  • Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;
  • Drafting and negotiating your data processing agreements (DPA);
  • Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;
  • Training and awareness of your employees.

We are also the external Data Protection Officer of many data processors and subcontractors.