interpreted, Google’ s justification concerns an interest in itself allowed by the law 25. Yet, in a letter of the Working Party, Google was portrayed as not having demonstrated that it endorsed the key data protection principles, with Google’ s privacy policy signifying the absence of any limit concerning the scope of the collection and the potential uses of the personal data 26. Maybe on account of the purely persuasive nature of the method used, a letter, Google did not appear too much troubled by the concerns expressed by the Working Party. This led to other data protection authorities legally engaging Google, which has only lately committed with the UK’ s Information Commissioner’ s Office( ICO) to reform its views as far as their( unified) privacy policy goes 27.
It is easy to infer that technologies using or, more precisely, re-using larger data sets obtained from diverse unrelated sources, and automatically processed to an extent not dreamed of when the first data protection laws were adopted, render the obtaining of consent more difficult to put into practice( Tene, 2011, p. 273; De Hert, Papakonstantinou, 2016). Big data also challenges the principles of purpose limitation, and of relevance and accuracy of the data since it relies on data collected from diverse sources, and without careful verification 28. Moreover, although it is foreseen that data processing will be subject to supervision, enforcement and judiciary control( Art. 22 GDPR), reasonable doubts surface as to the effectiveness of these forms of control in the big data age( Lynskey, 2015, p. 273).
As the EDPS itself admitted,“ new business models exploiting new capabilities for the massive collection, instantaneous transmission, combination and reuse of personal information for unforeseen purposes have placed the principles of data protection under new strains” 29. The automatisation inherent to data mining renders the human choice at the stage of data collection rather illusive( Colonna, 2014, p. 299 ff). Besides, individuals can hardly exercise control over their data and provide meaningful consent in cases where such consent is required. This is all the more so as the precise future purposes of any secondary use of the data may not be known when data is obtained, undermining purpose limitation as well. Moreover, controllers may be unable or even reluctant to tell individuals what is likely to happen to their data and to obtain their consent when required 30.
A critical issue actually is the blurring of the public-private information frontier
25 However, the Article 29 Data Protection Working Party argued that additional guidance is needed in order
to have a common understanding of the very concept of legitimate interest.( Article 29 Data Protection Working Party, Opinion 03 / 2013 on Purpose Limitation, adopted on 2 nd April 2013. Available at: < http:// ec. europa. eu / justice / data-protection / article-29 / documentation / opinionrecommendation / files / 2013 / wp203 _ en. pdf >).
26 Article 29 Data Protection Working Party, Letter from the Article 29 Data Protection Working Party
addressed to Google along with the recommendations( Brussels, 16 Oct. 2012). Available at: < http:// ec. europa. eu / justice / data-protection / article-29 / documentation / otherdocument / files / 2012 / 20121016 _ letter _ to _ google _ en. pdf >( last accessed 18.03.2016).
27 Information Commissioner’ s Office( ICO), Google to change privacy policy after ICO investigation, 30 th
January 2015. Available at: https:// ico. org. uk / about-the-ico / news-and-events / news-andblogs / 2015 / 01 / google-to-change-privacy-policy-after-ico-investigation /( last accessed: 18.03.2016).
28 European Data Protection Supervisor( 2015), Opinion 7 / 2015, p. 8.
29 European Data Protection Supervisor, Opinion 7 / 2015, p. 3.
30 Article 29 Data Protection Working Party, Opinion 03 / 2013 on Purpose Limitation.
53