Big Data, Artificial intelligence, Machine learning

“Tracking” and “Profiling, two intertwined concepts

Each person leaves behind a great number of digital footprints each day, whether this be during their online navigation, their use of mobile apps or connected objects, their shopping, their travels…

The “tracking” or monitoring of an individual can allow entities to measure their audience in an aggregated statistical format. It can also be used to construct a profile of the said individual in order to send them targeted advertisement and personalized services.

Numerous solutions are used for these purposes: Javascript, Supercookies, Fingerprinting, various mobile sensor devices, Deep Packet Inspection (DPI)…

By increasing the possibilities of interconnecting the collected “Online” and “Offline” data, Big Data increases the risk of violating an individual’s confidentiality, rights, and liberties.

What is “Profiling”?

“Profiling” is an automated processing of data whose purpose is to analyze or predict an individual’s personality or certain aspects about them such as: their work performance, their economic situation, their location, their health, their preferences, their loyalty or their behavior.

An individual’s profile is in itself personal data.

The European General Data Protection Regulation structures the legal framework of these automated processing of personal data, and more specifically “profiling”.

In practice, a company can only be as intelligent as the sum of all of their observations collected by the various business information systems which can also be supplemented by external data sources. “The data finds the data”, it is up to the user to determine the pertinence and the proportionality of the predetermined criteria.

The processing of Big Data requires a Data Protection & Privacy by Design approach. This approach means integrating the following principles:

• The minimization of data,
• The de-identification or anonymization of personal data,
• The management, traceability, and supervision of access to the data.

No Big Data Without Taking into Account Data Protection and Privacy

Companies with a Privacy by Design approach, will save time, money and effort while fostering clients trust and fidelity.Certain data processing may not be implemented without you carry out a Data Protection Impact Assessment and if there is still high risk for the data subjects rights and liberties, then you’ll need to get the CNIL’s prior authorization:

• If the processing is likely to exclude individuals from benefiting from a right, a service, or a contract;
• If the processing includes the interconnection of files used for differing purposes;
• If the processing displays directly or indirectly “sensitive” data;
• If the processing includes observations regarding an individual’s social or financial difficulties.

Moreover, all individuals have the right to obtain from the data controller all necessary information enabling the individual to understand and contest the logic used in the automatic decision-making processing which produce legal effects concerning them.

Nevertheless, the quantity and the variety of the processed data can result in the processing of sensitive data by means of the fusion and the crossing of seemingly benign data which result in the re-identification of individuals.

If the processing is not sufficiently structured, the Big Data processing can impede upon individuals’ fundamental rights and liberties: violation of the right to one’s private life, identity fraud, exclusion, discrimination or stigmatization, the deprivation of liberty or rights…

Risks Inherent to Technologies Used in Big Data Processing

Faced with the variety of data which are largely non-structured (text format, images, video, sound, sensor data, information flows, digital traces), because of their volume and their velocity (data generation, collection and modification frequencies), the typology SQL, qualified as too rigid, no longer effectively fulfills the need for the exploitation of Big Data.

Big Data technology is based upon the inferential statistics, non-relational databases (NoSQL), which enables the processing of large volumes of data which have very low potential for being pertinent data.

Then, the data are subject to massive parallel processing which consists of distributing the information amongst thousands of nodes.

Once this task is completed, the partial results are brought together to form a final result that is sent to the Analytics frameworks.

The Big Data processing requires the intervention of a number of actors and solutions more or less managed by the data controller and just as many risk factors for the confidentiality and security of the data collected as well as the compliance of the data processing.