Dati, algoritmi e Regolamento europeo 2016/679

Translated title of the contribution: [Autom. eng. transl.] Data, algorithms and European Regulation 2016/679

Fernanda Faini

Research output: Chapter in Book/Report/Conference proceedingChapter


[Autom. eng. transl.] The contribution is aimed at examining the provisions of Regulation (EU) 679/2016 and, in particular, the ability to regulate the current configuration assumed by data, big data. After a brief introduction on the characteristics of big data, the analysis will be conducted by analyzing the problems that big data, precisely in consideration of the ontological aspects that characterize them, pose in relation to the protection of personal data. Big data, characterized by volume (ability to acquire, store and access huge amounts of data), speed (ability to acquire and analyze in real time or at "high speed") and variety (heterogeneity in the type of data) , come from different sources, see algorithms as the protagonists of their uses and allow to achieve heterogeneous purposes ranging from the most in-depth knowledge of the present to go as far as the prediction of the future. Ontologically, big data show complex legal problems and the most interesting emerge precisely in the relationship with the discipline of data protection. In this regard, Regulation (EU) 2016/679 does not explicitly deal with big data, even if it seems to allude to it in some principles and tools. Specifically, to this end, the European regulation will be examined in the elements that still seem to clash with effective protection and the tools that, on the other hand, can be appropriately used and that are well suited to the context of big data. In consideration of the characterizing features, the use of big data seems to clash with key tools of the European regulation, such as compliance with the principles of purpose limitation and data minimization (art. given the expected result is not known. This aspect gives rise to consequent difficulties in providing information on the processing (articles 12-14) and in obtaining consent, where required (article 7), fundamental elements on which the discipline is based. The problems are particularly wide due to the difficulty also of guaranteeing real anonymization and to the presence of some provisions that give rise to perplexity, such as direct marketing as a legitimate interest on which to base the processing (Article 21, paragraph 2). However, in Regulation (EU) 2016/679 there are principles and tools that can prove to be particularly useful in the legal management of big data, in particular the principle of privacy "by design" and "by default" (at. 25) and CD Data Protection Impact Assessment (Article 35), which aim at a weighting and a preventive approach to the impact and risks on data protection. Furthermore, the provisions relating to the automated decision-making process relating to natural persons, including profiling (Article 22), seem to allude to big data. In the same way, other provisions of the European regulation may be functional in terms of data governance, such as data portability (Article 20), prior consultation (Article 36), the figure of the Data Protection Officer (Article 37) and data breach notification (articles 33-34). The analysis does not fail to turn its gaze also to national legislation, which, although it does not explicitly deal with the phenomenon, deals with public big data in the innovations brought about by the reform of Legislative Decree 217/2017 to Legislative Decree 82 / 2005, Code of digital administration: the Data & amp; Analytics Framework, i.e. the National Digital Data Platform, to facilitate the knowledge and use of public information assets and the sharing of data between those who have the right to access it for the purpose of simplifying the administrative obligations of citizens and businesses. Finally, in the conclusions, also in the light of considerations expressed at European level, some suggestions will be outlined about possible guidelines for a more effective protection.
Translated title of the contribution[Autom. eng. transl.] Data, algorithms and European Regulation 2016/679
Original languageItalian
Title of host publicationRegolare la tecnologia: il Reg. UE 2016/679 e la protezione dei dati personali. Un dialogo fra Italia e Spagna
Number of pages16
Publication statusPublished - 2018
Externally publishedYes


  • algoritmi
  • big data
  • data protection


Dive into the research topics of '[Autom. eng. transl.] Data, algorithms and European Regulation 2016/679'. Together they form a unique fingerprint.

Cite this