The legal challenges posed by Big Data: questions of exploitation and protection
Based on the example of intelligent traffic, this project examines who can determine the use of data generated by driving automation, for instance. Who has the right to make profit from such data, what role does data protection play – and could the data generated by driving be taken as evidence and used in criminal proceedings to press charges against the will of one of the parties involved?
Portrait / project description (completed research project)
Current legislation is not able to meet the challenges posed by Big Data. It factors in neither the benefits nor the risks of processing large volumes of data, potentially affecting individual rights. Taking the example of intelligent traffic, this research project examines four key subquestions: Who “owns” the data that comes from automated driving? What role does data protection play? When can data be used as evidence in criminal proceedings? And can the manufacturers or users of highly automated cars file for criminal prosecution if data is uncovered by third parties through spying and then published? Taking current law as a starting point, the project creates a framework for a group of specialists from academia and practice to draft recommendations for new statutory provisions.
Technical advances are frequently ahead of changes in the law, and this applies to the use of Big Data. Driving automation, for instance, produces huge amounts of data the use of which is inadequately regulated in terms of data protection, access or portability rights. This raises numerous questions: Do users of automated driving systems need to be protected against unrestricted data evaluation? Or should they be entitled to a share in the value of the data generated during operation? And what if the reconstructed pattern of movements is of interest not only for the purposes of personalised advertising but also to the criminal prosecution authorities?
The initial objective is to establish whether current legislation permits adequate regulation of Big Data. This is a source of legal uncertainty that is proving to be an obstacle to the development and application of technological innovations. Where there is insufficient regulation, recommendations for legislative changes will be drawn up. Interdisciplinary collaboration will help to promote mutual understanding between technical and legal experts in the Big Data domain.
The project provides a forum for an analysis of the legal framework relevant for the development and exploitation of Big Data, using the example of automated driving and intelligent road traffic. It analyses current law and presents prospects for further development. The findings will be useful for developers and users and will also benefit legal practice and legislative initiatives.
The project identified the need for legal reforms, in particular, with regard to the following areas:
Swiss Law needs a fundamentally new approach to “data rights”. In contract law and in tort law the first-blush ideas about “data ownership”, and consequent entitlements, ought to be replaced by novel legal concepts of rights to “data transfer”, rights to “data access” and innovative theories concerning the notion of “data holders” vs. “data trustees”. A “property law” in personal or non-personal data is likely to cause more harm than good, with its risks for competition and innovation. Individual consent to data processing will remain the crucial instrument to ensure human-centred and fair trading in data.
In criminal law the notion of who is a victim of data crimes must be reshaped with contemporary ideas of who actually suffers from compromised data and thus ought to be entitled to press charges or block public proceedings. Following up on the idea of a “data trustee”, it is important to rather look for the “data privileged” than for a classic crime victim, on the one hand. On the other hand, criminal procedural law must acknowledge what the access to a plethora of data, processed by Artificial Intelligence (AI) means for fact-finding and its limits. Eventually, we must redefine the limits of trustworthy and fair fact-finding in the digital age: With ambient intelligent environments on the rise, methods of establishing the elements of alleged criminal conduct and the way in which such elements are proven in court change fundamentally. A corresponding legal framework must define the requirements for “machine evidence” and “robot testimony”.
Legal Challenges in Big Data. Allocating benefits. Averting risks