Abstract
The article analyzes the concept of “Big Data” in terms of semantic content and legislative regulation. It includes a comparative review of legal regulation and law application of this technology in Russia and foreign countries. In this article problems of legal regulation of the application of this technology are identified. It has been established that the most significant factor hindering further development of Big Data in Russia is, firstly, the lack of “Big Data” legal definition. Yet secondly, there is constant search for a compromise between the need of business entities to ensure the maximum possible availability of data so that the business is cost-effective,, on the one hand, and on the other hand, the urgent need to ensure the proper level of confidentiality and security, especially concerning the protection of personal data. Despite a number of existing problems, the article points to the prospects of using Big Data not just in industry, but also in other areas of society.
Access provided by Autonomous University of Puebla. Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
The introduction of such a phenomenon as Big Data into the public and economic life of Russia is undoudtedly a big step towards the development of “digital economy”. In accordance with the big data market development strategy until 2024, developed by the Big Data Association (BDA) together with BCG, the overall economic effect and revenue growth of all Russian industries due the use of big data is expected to result in 1.2% up to 3% of GDP growth. Moreover, such a result will be possible due to the additional revenue of Russian companies, which they will be able to get due to the development of products, services and big data technologies [7].
Basically Big Data means not even the information itself but information and technology (as a combination of huge amounts of data processing methods from various sources). This concept (Big Data) consists of two elements. The first element includes the so-called “raw data”, which will include the speed of the appearance of new data, the processing speed of this data, as well as huge physical volumes. The second element of Big Data are special developed technologies and methods that are used in the processing and application of this data for commercial purposes [1]. Sources of Big Data are various containers of information, particularly Internet, commercial data of companies, testimonies of technical devices, databases of public authorities and much more.
It is worth noting that Big Data is a valuable economic resource, and the list of the most valuable IT companies of the world - Microsoft, Facebook, Apple, etc. are the proof of that. Many experts call Big Data “the new oil” [5]. The scope of Big Data is diverse, it is used in e-commerce and retail [2], in the field of financial sphere, telecommunications, state and corporate governance, etc. It is in this case that it is important to structure contracts between companies that accumulate Big Data and/or want to commercialize them and companies that can provide services for the technical analysis of such data. The key aspect for the parties would be to ensure the confidentiality of the data that will be submitted for analysis.
For all its perspectives and significant opportunities provided by the use of Big Data, it should be noted that the issue of legal regulation of this concept remains open to this day. From the side of business, there is an increase in suggestions on the need to reform existing legislation in order to reduce the “backlog” of law from technological progress and to promote the development of the digital economy.
2 Methodology
In the process of writing the article, the author applied various methods of scientific knowledge. The main ones are materialist dialectics, as a universal approach to objective knowledge of reality and a method of system knowledge, which allowed to consider the category of legal responsibility as a system object with its own specific manifestation, including the field of administrative law. Amongst general scientific methods used in the article, we can name: analysis and synthesis; induction and deduction. In the process of research such private-scientific methods of cognition as formal legal, comparative legal and logic were applied. So, for example, the formal legal method turned out to be quite useful in the interpretation and study of regulatory documents.
3 Results
The use of Big Data provides new levers of influence on the competitive situation in the business sphere, but at the same time rise the chances of unauthorized distribution of personal information. The digital economy and the amount of processed data, in particular, develop at an enormous rate. This clearly reflects the lag of state regulation from the realities of the sphere in question and this void is becoming increasingly noticeable. Attempts to regulate the concept of Big Data were made in 2020 by introducing the Big Data Bill. However, this bill did not reach the expected result. The provisions of the bill were criticized by business representatives and government bodies, for example, the rules on the need for user consent to Big Data processing are virtually impossible.
More significant steps are the amendments entered to the Civil Code of the Russian Federation (hereinafter referred to as the Civil Code of the Russian Federation) [10] on “digital rights”. As a result a new type of agreement was entered into the Civil Code of the Russian Federation on the provision of services for the provision of information, art. 783.1 of the Civil Code of the Russian Federation. Parties to this agreement may set the condition of confidentiality of the transmitted information, set the obligation not to take actions for the alienation of information or other actions that contribute to its disclosure to third parties during a certain period of time. These innovations are especially important in conditions of low efficiency of implementation of NDA-agreements.
The adopted amendments definitely have a significant impact on the formation of the legal regulation of Big Data, but still do not resolve most of the mentioned issues. For example, it remains unclear whether the operator should obtain the consent of each subject of information to provide data, and also inform the subject about the purpose, methods and types of information that will be collected and processed, since at present the processing of data without the consent of the subject is not legal. Thus, today the question arises of the urgent need to adopt a separate regulatory act aimed at revealing the content of concepts and detailed regulation of the use of information technology, as well as the creation of national standards for processing big data arrays.
4 Discussion
The issue of legal regulation of Big Data is one of the most important not only in Russia, but also in the global legal community [9]. Its significant economic impact on the most vital sectors of the economy requires a quick response. For example, Aeroflot, using Big Data, calculated that out of 32 million passengers, the company had only 10 million unique ones, and only 1.2 million of them provided 50% of the revenue [7]. Based on this information, the company managed to reduce advertising costs. At the same time, the legal side of Big Data allows to outline the vector of legal approach to regulating its application, and it has not been properly studied.
Since 2017 the “Digital Economy” program [7] has been running in the Russian Federation, this program is aimed at developing the country’s innovative potential. According to this program, Big Data is “end-to-end technology”, in other words - breakthrough digital technology. The Digital Economy program provides users with the right to receive remuneration for the collection and use of data, as well as its exclusion from circulation in the event of failure. Business representatives proposed the concept of the Big Data bill that aimed to attract special intermediary companies that have information about finding Big Data from data operators and transmit the required information for a certain monetary reward. I think this proposal is not advisable, firstly, from an economic point of view, since it leads to a rise in price, secondly, it introduces the risk of market monopolies and loss of pricing flexibility, and thirdly, it creates the risk of losing control of subjects of rights over their personal data, causing harm to both operators and Big Data entities.
It is worth noting that Big Data was also mentioned in the Strategy of the information technology industry for 2014–2020. However, in these programs, as well as in the legislative act that attempts to regulate the use of Big Data, Federal Law of July 27, 2006 No 149-FZ “On Information, Information Technologies and the Protection of Information” [3] does not even contain a legal definition of the concept of Big Data Based on an analysis of the latest revisions of specialized laws, it can be concluded that the Russian legislator regulates Big Data as personal data and goes in the direction of localizing user data, significantly limiting cross-border data transfer. This position contributes to the withdrawal of European companies from the Russian market and damages the Russian economy.
Of course, the Russian approach has a right to exist. But it raises a lot of controversial issues. In conditions of legal uncertainty and discussion of coherence between the concepts of Big Data and personal data, as a guide, you can turn to the two most striking approaches to the search for an adequate balance between personal rights and business interests in the world - American and European.
The basis of the American approach is the understanding of “big user data” as an asset that brings profit to the business. Such ratio is highly bias to the profitability of the business, providing the maximum availability of information. And issues of confidentiality and data security are actually referred to the competence of the consumer and depend solely on his “cleanliness” in the transmission of data. I would especially like to draw attention to the fact that in the United States there is no single regulatory act aimed at the right regulation of the collection, storage and protection of both personal data and Big Data. The rules governing the above issues are dispersed in various industry and state acts [11].
Unlike the American model, on May 25, 2018, the European Union member states adopted the Pan-European Regulation on Personal Data Protection or the General Data Protection Regulation (hereinafter - GDPR, the “Regulation”) [4]. As the main principles of data processing, it indicates legality, fairness, transparency, data minimization, goal limitation, accuracy, storage limitation.
When adopting the Regulation, the provisions of many international legal acts on the fundamental rights and freedoms of man and citizen were accounted for. This consequentially influenced the fact that the Regulation governs big data from the position of priority of the rights and interests of the individual, and not as a digital asset. As a disadvantage of GDPR, it should be noted that Big Data is not consolidated into a separate category. But at the same time, the Regulation reveals the concept of Big Data as a large array of information, the source of which is various channels with a high transmission rate. The data itself can be created by humans or generated by computers.” The Regulation also significantly expanded the concept of “Personal Data”, namely, personal data refers to any information relating an identified or identifiable person (data subject), by which it can be directly or indirectly determined. Such information includes, but not limited to, the last name and first name, location information, online identifier, factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this individual, even IP addresses can be classified as personal data. Thus, Big Data is perceived as personal data in a broader sense. The GDPR has attempted to establish legal grounds for data processing. Processing is considered legal if the data subject has given consent to the processing of his personal data, or if it is necessary to fulfill a contract to which the data subject is a party. The latter wording is thought to be not entirely successful and enables companies to process personal data for no reason at all. But at the same time, enormous fines are imposed on companies for misuse of data (the size of the fine can reach 20 million euros) [6].
In general, the Regulation of the European Union is very logical and harmonious in terms of the regulation of primary data collection, its processing, depersonalization, use and destruction. GDPR basically has a number of legal decisions that can be borrowed to improve domestic regulation in this area. For example, the norms on the requirement for companies to publish information on leaks, payment of compensation and large fines are of great interest. It is believed that only such measures contribute to the responsibility of business and government bodies for the security of personal data.
5 Conclusion
Summing up, we can conclude that the EU approach to Big Data as an object of legal regulation is characterized by centrality, the priority of human rights and freedoms, such as the right to privacy, the right of access to information, etc. The US approach is to provide greater legislative power to individual territories (states). Big data is considered solely as a profitable asset.
If we talk about Russia, it is not yet clear which way the domestic legislator shall take on. Yet one thing is clear, partial reform of legislation in the field of personal data and information technologies regulation drawn by making small amendments and clarifications regarding Big Data does not solve the problem of their legal regulation. Obviously, due to their specificity, economic and social value, Big Data needs special regulation in a separate regulatory act. At the same time, it is important that such act accounts all the pressing issues of using Big Data: data collection, the ability to quickly extract useful information from their large volume and variety, data leakage, the liability of Big Data storage entities.
Russia is currently trying to build its own model of Big Data regulation, focused on total centralized control over its processing and use [8]. But as world experience and legal analysis of the GDPR rules show we should follow by the harmonization of the norms of Russian legislation with the rules of the Regulation. This would certainly serve to increase the level of the rights and legitimate interests of personal data subjects protection and at the same time increase entrepreneurial activity in terms of working with Big Data.
References
Celesti, A., Galletta, A., Fazio, M., Villari, M.: Towards hybrid multi-cloud storage systems: understanding how to perform data transfer. Big Data Res. 16, 1–17 (2019)
Elshawi, R., Sakr, S., Talia, D., Trunfio, P.: Big data systems meet machine learning challenges: towards big data science as a service. Big Data Res. 14, 1–11 (2018)
Federal Law of July 27, 2006 No. 149-FZ (as amended on April 3, 2020) “On Information, Information Technologies and the Protection of Information” (2020). http://www.consultant.ru/document/cons_doc_LAW_61798/. Accessed 24 Apr 2020
Habr: GDPR – New rules for the processing of personal data in Europe for the international IT market (2017). https://habr.com/company/digitalrightscenter/blog/344064/. Accessed 24 Apr 2020
Heuberger-Götsch, O.: The value of data from a legal perspective using the example of profiling. In: Fasel, D., Meier, A. (eds.) Big Data, pp. 83–105. Springer, Cham (2016)
Pearce, H.: Big data and the reform of the European data protection framework: an overview of potential concerns associated with proposals for risk management-based approaches to the concept of personal data. Inf. Commun. Technol. Law 26(3), 312–335 (2017). https://doi.org/10.1080/13600834.2017.1375237
Portal of the National Project “Digital Economy”: Regulation of big data (2020). https://digital.ac.gov.ru/opinions/4284/. Accessed 24 Apr 2020
Savelyev, A.: Russia’s new personal data localization regulations: a step forward or a self-imposed sanction? Comput. Law Secur. Rev. 32(1), 128–145 (2016)
Tao, H., Bhuiyan, Z.A., Rahmanc, M.A., Wang, G., Wang, T., Manjur, M.A., Li, J.: Economic perspective analysis of protecting big data security and privacy. Future Gener. Comput. Syst. 98, 660–671 (2019)
The Civil Code of the Russian Federation (part one) from 30.11.1994 № 51-FZ (as amended on 03.07.2016) (1994). http://www.consultant.ru/document/cons_doc_LAW_5142/. Accessed 24 Apr 2020
Tucker, D.S., Wellford, H.: Big mistakes regarding big data. American Bar Association (2015). http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2549044. Accessed 24 Feb 2020
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Gubaydullina, E.K., Churakov, A.N. (2021). Legal Regulation of Big Data in Industrial Systems: Problems and Development Prospects. In: Ashmarina, S., Mantulenko, V., Vochozka, M. (eds) Engineering Economics: Decisions and Solutions from Eurasian Perspective. ENGINEERING ECONOMICS WEEK 2020. Lecture Notes in Networks and Systems, vol 139. Springer, Cham. https://doi.org/10.1007/978-3-030-53277-2_58
Download citation
DOI: https://doi.org/10.1007/978-3-030-53277-2_58
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-53276-5
Online ISBN: 978-3-030-53277-2
eBook Packages: EngineeringEngineering (R0)