Abstract
The author reviews how legal policy on Big Data works and raises certain concerns on its application and use. The study covers methodology of Russian legal policy and legal policies of foreign countries and contains discussion on a universal legal policy on Big Data. It also discusses the issues of personal data and big data coherent relationship. The author concludes that Big Data must be considered and regulated as personal data. The author also presents reasons in favor of regulating Big Data separately.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Market participants’ awareness of the commercial value of information as an independent asset gave rise to the need for the development of special processing technologies for the so-called “Big Data”. The characteristics of Big Data are defined through the model of three V(s): (1) large volume (Volume); (2) data variety (Variety); (3) high speed of data transmission (Velocity). Later, another characteristic was added, Value—the value of the data itself. Information markets are not just a specific sector of the economy, but the foundation for all modern innovative economic systems.
The way we used to analyze information before digital world has appeared is no longer adequate and relevant as it is completely impossible to process such huge amounts of data in a traditional way. New era presented us with the challenge of Big Data and while it is the solution to storing and processing giant loads of data it is also an issue of privacy and control. Companies that introduce innovative technologies into their activities are on top. So, digital technologies based on Big Data analysis are increasingly used by companies to improve the quality of goods and services, as well as the services provided to consumers, predict market trends, and adjust digital models while minimizing cost.
This new brave world needs a comprehensive legal policy that covers the creation, storage, distribution and use of information, since the lack of regulation of these aspects leads to various abuses in relation to the rights and legitimate interests of the subjects of such data and other third parties.
2 Methodology
The use of the synergistic method in modern legal research suggests that the problem of comprehensive legal regulation of Big Data is cross-sectoral in nature, since it affects the spheres of civil, financial, competition law, intellectual property law [1] and a number of other legal branches that affect entrepreneurial activity.
Synthesis as a method of scientific knowledge allows to study the issue of legal regulation of Big Data, the interconnection of Big Data with other end-to-end technologies, such as artificial intelligence technologies and the Internet of Things [2]. It is no coincidence that, after lengthy discussions, the Russian Federation eventually abandoned the adoption of an independent policy for Big Data, as well as one on the development of artificial intelligence. Data analysis is utterly necessary for the development of artificial intelligence technologies. So, the collection of huge amounts of machine data is primarily provided by the Internet of Things. But artificial intelligence itself, including machine and deep learning, can be seen as key technology that allows to extract maximum value from Big Data.
Traditionally, when it comes to regulating a new object, there is a need for setting its legal definition. However, in the case of Big Data, the situation is different. Attempts to introduce any definition into Russian legislation have so far been unsuccessful. According to the position that the researchers has consistently defended, the creation of a single term describing Big Data is impractical, given that the categories of processed information constantly change and the term itself serves as a kind of metaphor, which does not allow to legally define it [3].
Turning to the method of comparative jurisprudence, we note that the legislation of foreign countries does not provide a definition of Big Data either, which generally confirms the above. Yet even outside the legal area, a single generally accepted definition of Big Data has not yet been developed. Basically, the existing approaches to understanding Big Data are based on understanding it is a set of a dynamically changing information array, which is valuable due to its characteristics and the possibilities it brings for data use and processing. At the same time, there are endless attempts to improve the definition, new scientific and non-scientific publications come out, in which the need to supplement the definition with new characteristics is justified.
3 Results
Legal researchers nowadays closely discuss and study the relationship of Big Data and personal data, their connection, the basics of their content and the sphere of their use. All such discussions center on whether we must consider them as parts of one or as two totally different concepts and therefore how legal policy must be developed and issued. In Russia we recognize all data that may contribute to identifying a person as personal data and the same approach is widely common in Europe [4]. The Personal Data Law defines it broadly enough. The law defines that identification markers can be either direct or indirect but must contribute to person’s identification through them and make it possible. Such approach allows to broaden the data pool of personal information. Big data is defined as a collection of digital data compiled using a wide-profile computer algorithm and used by numerous companies, corporations, and government agencies [5].
At first glance, the essential difference between personal data and Big Data is that Big Data does not really carry any distinctive personal information on a person, as it is a huge storage set of data arrays on dozens of topics. The technology of Big Data processing allows to set aside blocks of information and structure the information so that it can be analyzed properly and here personal data issue arises as that block is inherently a compilation of digital traces of a person that make up a digital profile. Users leave such traces constantly and repeatedly and the information constantly updates. Even though such profiles are initially depersonalized, certain tools can be used to reverse that and identify the user. Such reidentified data cannot be recognized as depersonalized as it immediately corresponds to the concept of “personal data” [6].
The bill on Big User Data in Russia is now a concept that was forwarded by Roskomnadzor and dealing with a sensitive and relevant topic. It is far from perfect and is widely criticized both by legal scholars and citizens.
According to the second point of view, which is presented in the rejected bill, Big User Data should be regulated by a separate legal policy. The bill defines Big User Data as a collection of information about individuals and (or) their behavior that does not contain personal data, which does not allow, without the use of additional information and (or) additional processing, to identify a specific individual, it is collected from various sources, including the Internet, the number of which exceeds a thousand network addresses [7].
The above shows that the legislator contradicts the notion that Big User Data should include “data on individuals that does not concern personal data”. The listed approaches to understanding Big Data correlate with two models of legal regulation: European and American [8]. Europe on May 25, 2018, adopted the General Data Protection Regulation, hereinafter referred to as the GDPR which tightly regulates policy on personal data, defining it rather broadly and leaning to regulate other types of data too. Europe approaches Big Data as it would any issue concerning civil and human rights of people, obliging data operator to comply with the current legal policy and adhere to the rules on all stages of data processing starting with data collection and ending with its destruction. GDPR also sets boundaries on depersonalized data use while granting such regime certain preferences as, for example, no need for consent [3]. Yet general consent to data processing has many requirements and is aimed at minimizing information asymmetry. It is also important to note that administrative control on these is fairly strict and solid and fines are rather high.
Alternative approach can be seen in the US where data issues are mostly regulated locally or on a self-regulatory level as companies set boundaries on their own. There is no general concept of personal data in the US so different states recognize different data as personal and set different bars for its protection. Control policy widely differs too as there is no single control body and some control functions are granted to different state agencies. Consent for data processing is equivalent to consumer consent to receive services.
As Russia long trades with EU it is obvious that we must unite our data policies with EU and connect Big Data to personal data rather than regulate them separately. AS GDPR already applies to foreign users operating and trading, exchanging goods and information in EU, the more similarities there are in Russian and EU policy, the easier comes economic growth. The same goes for Russian data policy requirements on international operators complying to requirements and control issues. Also, Russia nowadays is not recognized as a country that provides an adequate level of data protection [9].
4 Discussion
Considering the above, it seems that the Russian legislation on Big User Data should be based on the European one and yet reflect Russian realities. At the same time, one should not regulate Big User Data in isolation from personal data legislation, as that creates a parallel legal regime for it. The much more effective and relevant reaction would be to improve current legal policy and provide it with more clarity on regulating personal data as well as add policy on technology use and data control [10].
An experimental legal regime is used to test policy, it allows to enact new policy on a certain territory for a certain period and study the results. Such special regulation presupposes, for example, the non-application of certain normative legal acts or their individual norms. It enforces the establishment of the experimental regime which establishes mandatory requirements for licensing, accreditation, certification, mandatory confirmation, obtaining permits, sending and receiving legally significant messages, methods of identifying the parties to legal relations in the field of digital innovations. Test policy is quite extensive and includes the use or operation (including development and testing) of digital medical technologies, including telemedicine, technologies for collecting and processing information about the state of health and patient’s diagnosis; highly automated vehicles; e-learning and distance learning technologies—both in educational and professional activities; new technologies in the financial market; new technologies in sales.
It is important that setting a legal regime to test a policy will be possible not only if the general regulation of relations in the relevant area contains requirements, restrictions or prohibitions that significantly complicate the implementation of digital innovations, but also in cases where such general regulation is, in principle, absent. Special regulation should guarantee the emergence of new types of economic activity, or an increase in the quality and availability of goods, works and services, or a decrease in costs and an increase in profits from entrepreneurial activity, or an increase in the efficiency of state or municipal management, including the provision of state and municipal services. The preferences associated with test legal regime must also be established for Big Data technology.
5 Conclusion
Big Data is used for user profiling that is achieved by using data collected from all sorts of digital networks and apps and processing it into a digital profile. One could say that when entering any digital space, a person usually grants consent for the processing of his personal data and yet it is necessary to mind that data flows further and no consent is given for further processing as the user lacks information on further data processing [4]. The fact that technology now allows to deanonymize a user who has no clear idea of how his personal data is stored and used after it left the first operator to raise concerns on data abuse and criminal risks. To avoid violations of personal data regime firm and strict control measures must be set in addition to serious improvement of legal policy itself. Legal policy on Big Data is supposed to wave concerns of Big Data nature and regime as it must explain the basics of it as well as set restrictions and requirements to its use. Legal science ought to join in and conclude on policy’s value basis and regime basis as there can be no good policy outside a thought-out broad research. To sum up this study, it is fair to say that Big Data must be regulated as personal data and all the issues of digital profiling and individual identification must be resolved and thoroughly controlled. There are many issues that must be resolved, as, for example, consent, yet there is EU policy and practice to pave the way and homeland practice to identify all the needs for growth and improvement.
References
Voinikanis, E.A.: Regulation of big data and intellectual property law: General approaches, problems and development prospects. Law 7, 135–156 (2020)
Andrew, J., Baker, M.: The general data protection regulation in the age of surveillance capitalism. J. Bus. Ethics 168, 565–578 (2021)
Botta, M., Wiedemann, K.: To discriminate or not to discriminate? Personalised pricing in online markets as exploitative abuse of dominance. Eur. J. Law Econ. 50, 381–404 (2020)
Romanova, A.Y.: On the issue of the legal policy on Big Data. Constit. Municipal Law 8, 20–25 (2019)
Gubaydullina, E.K., Churakov, A.N.: Legal regulation of big data in industrial systems: Problems and development prospects. In: Ashmarina, S., Mantulenko, V., Vochozka, M. (eds.), Engineering Economics: Decisions and solutions from Eurasian Perspective. Engineering Economics Week 2020. Lecture Notes in Networks and Systems, vol. 139, pp. 489–494. Springer, Cham (2021)
Loshkarev, A.V.: Applied pattern of artificial intelligence and big data in business. In: Ashmarina, S., Mantulenko, V. (eds.), Current achievements, challenges and digital chances of knowledge based economy. Lecture notes in networks and systems, vol. 133, pp. 383–388. Springer, Cham (2021)
Bill N 571124-7 “On amendments to the federal law “On information, information technologies and information protection”, as introduced to the State Duma of the Russian Federation on 23.10.2018. http://sozd.duma.gov.ru/bill/571124 -7. Accessed: 11 March 2021 (2018)
Savelyev, A.I.: Directions of regulation of Big Data and protection of privacy in the new economic realities. Law 5, 122–144 (2018)
Papakonstantinou, V.: Big data analytics in electronic communications: a reality in need of granular regulation (even if this includes an interim period of no regulation at all). Comput. Law & Secur. Rev. 36, 105397 (2020)
Federal Law of 31.07.2020 N 258-FZ “On Experimental Legal Policies in the Field of Digital Innovation in the Russian Federation”. http://www.consultant.ru/document/cons_doc_LAW_358738. Accessed: 15 May 2021 (2020)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Churakova, E.N. (2022). On Issues of Big Data Legal Policy Application in the Russian Federation. In: Ashmarina, S.I., Mantulenko, V.V. (eds) Digital Technologies in the New Socio-Economic Reality. ISCDTE 2021. Lecture Notes in Networks and Systems, vol 304. Springer, Cham. https://doi.org/10.1007/978-3-030-83175-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-83175-2_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-83174-5
Online ISBN: 978-3-030-83175-2
eBook Packages: EngineeringEngineering (R0)