Browsing by Author "Kallio, Lila"

The subject of this Master’s Thesis is to analyze the compatibility of the purpose limitation principle of the General Data Protection Regulation (GDPR) and the big data phenomenon. The purpose limitation principle has been one of the core principles of European data protection law since 1970s and it requires personal data to be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. The big data phenomenon consists of an enormous increase of information and the automated use of it that has led to a considerable change in data processing practices. The focus of the research is on examining the meaning and content of the purpose limitation principle and analyzing its objectives in the context of big data. The research method of this research is legal dogmatic. Firstly, the thesis describes the purpose specification requirement as developed in the opinions of the Article 29 Working Party and examines the conflict between the requirement and the characteristic of big data in which data are analyzed to find correlations and trends that may reveal new uses for the data. The thesis concludes that in practice it is very difficult to apply the requirement in the context of data discovery. Secondly, the thesis examines the compatibility assessment of the purpose limitation principle in the context of big data. The Article 29 Working Party has developed in its opinions certain criteria for the compatibility assessment that have now been introduced in the legislative text of the GDPR. The thesis examines the requirements of the compatibility assessment in light of the characteristic of big data in which value is derived from data by re-purposing them in novel ways. The thesis concludes that the criteria of the compatibility assessment can be hard to fulfil when considering the characteristics of big data. There seems to be an inherent conflict between the purpose limitation principle and the big data phenomenon. It is questionable whether the principle of purpose limitation can still meet the objectives it was created to fulfil and whether it is still a viable way of protecting personal data.