Big Data and the Reform of the European Data Protection Framework: : An Overview of Potential Concerns Associated with Proposals for Risk Management-based Approaches to the Concept of Personal Data.

Abstract

This article considers the emergence of big data and how it poses considerable difficulties for the European Data Protection framework’s key enabling concept: the notion of personal data. The article starts by outlining the fact that there is an emerging body of opinion which suggests some of these problems might best be addressed by adopting a risk management-based model of personal data. This, it is argued, is suggestive of the emergence of a possible fusion between the disciplines of data protection law and risk management. The article contends, however, that there are several complications associated with the adoption of risk management-based regulatory strategies which have to date not been meaningfully explored in the legal and regulatory literature pertaining to data protection. Consequently, these are issues in need of address. Whilst not intending to counsel against the adoption of risk management-based regulatory strategies the aim of this article is to begin bridging the metaphorical “gap” between legal, regulatory, and risk research and management discourses, to stoke much-needed debate in this topical area. To this end, the article highlights several areas which are in need of further consideration, and where there will likely be possibilities for future inter-disciplinary research.