A Multidisciplinary regulatory approach to big data and the rule of law

By Olimpia Affuso, Antonella Coco and Irma Mosquera Valderrama

This blogpost aims to address the problems in the regulatory framework on the use of big data from social sciences and tax law perspectives. This cooperation is possible due to the 2018 Conference of the World Complexity Science Academy (WCSA), organized by Prof. Andrea Pitasi, that took place in Rome between 12 and 15 November 2018. Some of the topics discussed in this conference will also be published in the Central European Political Science Review (forthcoming Spring 2019).

A social science perspective

In the era of Big data, social scientists are required to increase their efforts in exploring the impact of big data on social knowledge, and previsional and decision-making processes. Furthermore, they are required to explore new research methods based on digital information. With this regard, political answers have to be offered to a series of emerging risks: inequalities of data access, uncertainties in terms of data reliability, and personal data abuse.

We focus on the relationship between big data and social sciences, addressing two main questions: (i) the new challenges for social sciences arising from the big data revolution; and (ii) the role of politics in regulating the access and the use of big data within social sciences.

Gaps in the use of big data within social sciences

The focus of this contribution are the emerging breaks and gaps concerning big data and social sciences, namely: 1) theoretical-methodological; 2) technological; and 3) political-regulative.

By a theoretical-methodological perspective, we highlight several questions. The first one is that big data does not correspond to representative samples: in fact, not all subjects have access to digital platforms and, furthermore, the active Internet population is only a part of the whole Internet participation (Lombi 2015). The second issue concerns the possibility that knowledge based on large datasets could undermine the level of accuracy (Mayer-Schönberger Cukier 2013), which, on the contrary, could allow a greater detailed understanding of several phenomena. However, thanks to big data, it is possible to make previsions and to understand social phenomena at a macro level of analysis. Furthermore, big data seems to lead to new approaches, moving from a theory-driven perspective to data-driven knowledge. In our view, we are quite far from this direction: the development of new technologies requires also new theoretical approaches; big data assumes relevance in relation to the context in which it is generated; this context needs to be analysed through a theoretical perspective.

The technological gap regards the technological mastery for processing and analysing big data. In this sense, the cognitive process concerns also competences and skills in archiving and processing data, in order to transform it into a source of knowledge. In other words, we refer to the power of infrastructure, exercised in the developing and maintaining of databases. This power is always concentrated in the richer, more powerful research institutions, which in turn may also effectively generate distortions, according to their methodological and conceptual preferences (Leonelli 2018).

In addition to the mentioned breaks and gaps, we highlight the aspects that require the regulative intervention of politics. One of the emerging risks regarding the increasing inequalities is the access and use of big data (Giovannini 2016). The scenary of open data is not realistic if we consider the costs borne by the private sector and the risks of data abuse (Leonelli 2018). Big data is a particular category of goods (economically valuable), collected and processed by big companies, which sell it to third parties and tend to concentrate their power. National governments tend to regulate the circulation and commercialization of data. This is still an ongoing process that involves different public and private interests. Furthermore, a gap between national and supranational levels of regulation is also arising. In fact, data flows continuously across territorial borders, and companies have always a supranational dimension. These trends require an equally supranational regulation (Rabai, 2017; Catanzariti 2016). Further problems requiring political regulation concern the reliability of data, and therefore the control of their quality, the identification of universalistic reliability criteria, and the attribution of the relative owners of responsibility. Finally, big data poses problems to researchers concerning the privacy and protection of individual rights of people who publish their data or who offer personal data in exchange for allegedly free services (sometime without knowing how their data will be used and interpreted).

A tax law perspective

Automatic exchange of information and the use of big data

In taxation, the use of big data has also raised concerns regarding the lack of regulatory framework for the processing of data, and mainly personal data. Data is used for profiling taxpayers, for tax collection, and for law enforcement (for instance, to detect tax evasion). Big data allows to use data to identify attitudes and patterns, and to predict the behaviour of certain groups and communities.

The exchange of information has resulted in governments, supervisory authorities, banks, and, in some countries (mainly Nordic), taxpayers having access to personal data all around the world. As  stated by the OECD, “there are now already over 3300 bilateral exchange relationships activated with respect to more than 90 jurisdictions” committed to the Global Standard of Automatic Exchange of Information (Common Reporting Standard). This number is increasing and, as of December 2018, 104 countries/jurisdictions have committed to implement this standard.  However, there is no clarity in this new era of automatic exchange of information on who has the data: is the data properly collected and stored?, is the processing of data allowed by law and properly monitored? These questions also demand a regulatory framework that protects the processing of data. An introduction to some of these problems has been made at the presentation at the WCSA conference on the  processing of personal and business data and the rule of law in the era of digital trade.

One binding instrument: Convention No. 108

The following paragraphs will focus on some of the changes introduced in the Council of Europe No. 108 for the protection of individuals with regard to the automatic processing of personal data in respect of big data. The Convention No. 108 is the only binding instrument that can potentially have a worldwide application, since the 2001 Protocol opened this Convention to countries non-members of the Council of Europe (third countries). However, the scope of application is limited since only few third countries have ratified this Convention (Debelva & Mosquera 2017). As of December 2018, 6 countries i.e. Cabo Verde, Mauritius, Mexico, Senegal, Tunisia, Uruguay have ratified this Convention.

Convention 108 and the use of big data

The Convention No. 108 protects the individual against abuses which may accompany the collection and processing of personal data and at the same time regulates the cross-border flow of personal data. However, in order to modernize this Convention and address the challenges of big data, the 2018 Protocol amending the Convention No. 108  was approved in May 2018 and open for signature as of 25 June 2018. The modernisation of Convention 108 pursued two main objectives: to deal with challenges resulting from the use of new information and communication technologies, and to strengthen the Convention’s effective implementation.

Among other changes, in the 2018 Protocol, art. 11 introduce new rights for the persons in an algorithmic decision-making context, which are particularly relevant in connection with the development of artificial intelligence. For instance: (i) the data subjects have the right not to be subject to a decision significantly affecting him or her based solely on an automated processing of data without having his or her views taken into consideration; and (ii) in order to obtain confirmation of the processing of personal data on request, at reasonable intervals, and without excessive delay or expense,, the communication of the processed data must take place in an intelligible form in order to ensure the transparency of processing.

In addition, art. 12 of the 2018 Protocol introduce additional obligations for signatory countries, mainly regarding big data. These obligations include: (i) the implementation by controllers/processors of technical and organizational measures, which take into account the implications of the right to the protection of personal data at all stages of the data processing; (ii) the examination, prior to the commencing of such processing, of  the likely impact of intended data processing on data subjects’  rights and fundamental freedoms ; and (iii) the design of the data processing in such a way that it prevents (or minimizes) the risks of interference with those rights and fundamental freedoms. These changes aim to make data controllers/processors aware of the data protection risks of processing big data, and to take them into account when designing their data processing systems.

Challenges in the regulation of big data

This post addresses the challenges to regulate big data from a methodological, technological, political-regulative, and legal (tax law) perspective. Nowadays, the increase of the use of internet platforms, the raise of digital trade, the analysis of automatic processed data for enhancing public sector performance, social participation, and tax collection and enforcement, requires a regulatory framework that provides rights for data subjects, as well as obligations for countries and data processors and controllers. This regulatory framework needs a holistic approach that takes into account different disciplines among others trade, internet governance, social sciences, , data protection and tax law.

More data means more responsibilities for all actors involved in the collection, processing, and analysis of this data.  If the use of big data is relevant to enhance the countries’ democratic processes and compliance with rules, the protection of the processing of this data (including personal data) is also relevant in order to enhance the rule of law. Therefore, the challenge for governments is to adopt the Convention 108 while, at the same time introducing safeguards to guarantee the safe and adequate use of the data (see also Debelva & Mosquera 2017).

Bibliographical sources

  • Catanzariti M. (2016), Dalla terza rivoluzione ai Big Data: spunti per una ricostruzione, in Falce V., Ghidini V., Olivieri G. (eds),  Informazione e Big Data tra Innovazione e Concorrenza, Giuffrè Editore: 21-34.
  • Giovannini E., (2014), Scegliere il futuro. Conoscenza e politica, al tempo dei Big data, Bologna, il Mulino.
  • Leonelli S. (2018), La ricerca scientifica nell’era dei Big data, Meltemi.
  • Lombi L. (2015), “La ricerca sociale al tempo dei Big Data: sfide e prospettive”, Studi di sociologia (2),: 215:217.
  • Mayer-Sconbergere V., Cukier (2013) K., Big data. Una rivoluzione che trasformerà il nostro modo di vivere e già minaccia la nostra libertà, Garzanti, Milano, Garzanti.
  • Rabai B. (2017), “I big data nell’ecosistema digitale: tra libertà economiche e tutela dei diritti fondamentali”, in Amministrare (3).