Workshop 4


Cloud and big data: Delivering on the promise while safeguarding privacy

Referring to proposal no.: 3, 8, 9,21, 37, 40, 48, 49
Find here the list of submitted proposals

Organising team / focal point: Jean-Jacques Sahel, ICANN

Key participants:

Moderator: Jean-Jacques Sahel, ICANN

Reporter: Olivier Crepin-Leblond, ICANN’s At-large Advisory Committee (ALAC)

Remote participation moderator: Olivier Crepin-Leblond, ICANN’s At-large Advisory Committee (ALAC)

Description / key focus:

The advent of cloud computing and big data, spurred by the growth and increasing pervasiveness of the Internet in our societies and economies, holds many promises. We are at the start of a ‘smart world’, where our homes, our cities, our energy, can become smarter thanks to better data monitoring and collection; with the potential to drastically improve our consumption and management of energy and the environment. The same online developments have also seen the rise of crowdfunding, and generally of more citizen and public empowerment.But with these developments – especially the increased use of (personal) data – come challenges, notably for privacy and security. As the technology develops, it is still poorly understood and often not (yet) trusted by many, which could deter or delay its potential.

As policymakers look to the new questions raised by these developments, it is important that we have a debate including all stakeholders, to ensure that the technology delivers all its promises – from empowered citizenry to better energy utilization and economic growth – while making sure all the necessary safeguards are in place, notably when it comes to privacy and security.


Links: ...find out more on the WIKI here

Report on Big Data and Privacy from John Podesta, White House, from May 2014

European Cloud Computing Strategy, Big & Open Data for Europe, report by the Warsaw Institute of Economic Policy: – social platform for citizen and public participation



The workshop started with an illustration of the power of cloud for citizens, with a presentation of the social platform, which allows citizens to raise and bring attention to their local city council to daily issues of their communities, such as delivery of public / council services. Participants from industry gave other illustrations of the transformative potential of the cloud, and the related application of big data for both economic and social applications, from e-health to increased productivity and better public services.

But with every collection of data come questions of data protection and privacy. A lively discussion involving both key participants and many in the workshop audience, went deeper into the challenges: with cloud and big data, misuses of the technology can happen, and yet our legislative or regulatory frameworks are not always well adapted or clear enough to deal with new situations. There was discussion of the ongoing reform of the data protection framework in the EU, and how this may help respond to some of the challenges; of the transnational nature of data flows, and therefore the usefulness of ‘regulatory convergence’, or at least, baselines or mutual recognition around data flows; and the difficulty of adapting legislation to such rapidly changing technologies. The discussion considered whether simple, fundamental ‘guidelines’ on data protection – supported by regular adaptation of their implementation in detail – may be more sustainable than a detailed rulebook that would require very regular updating, which would likely be obsolete by the time it is reviewed anyway.

The main conclusion was the need to make the most of cloud and big data, while urgently addressing their ‘ethical’ use, and seeking to adapt fundamental privacy principles to fast-moving technology and cross-border information flows. The topic deserves continued attention at future EuroDI’s and IGFs.


The session started with a presentation of “”, a social platform that can run on a mobile device, which allows citizens to point out matters which have to be attended to in a town’s infrastructure. For example, pot-holes, dumped rubbish, lighting failures etc.

With individual reports not being anonymised, privacy concerns were expressed. Trusting the government about one’s activities was key to this product.

Concerns over privacy, security & transparency

Next was AT&T data with a 50,000 times increase of mobile data traffic 2007. By 2020 there will be 6Bn Internet devices connected in Europe in all sectors including automotive, home security, home automation, healthcare etc. Many of these devices will generate data and this raises concerns of privacy, security and transparency.

Data protection laws exist for such data (directive of ‘95). Applying them to big data is a challenge. The whole data protection law is based on the actual identification of a single piece of data. This happened when there were big separate databases but with big data, we are faced with data that’s everywhere. When you buy big data,” you can identify correlations, aspects, new information on groups of persons, of single persons and so on. The current laws require identification of each piece of data, asking for consent. Aggregation of big data on an anonymous level is interesting and useful but we do not know how this data is shared and if indeed anonymised once each piece of information has been identified. In fact we do not know if the data that is shared is indeed all anonymous or if governments make use of the private part of big data.

A solution is urgently needed on this issue: an improved data protection law than the existing one. This solution needs to be technology neutral, as purpose limitation actually limits its use but it needs to define the public sphere vs. the private sphere and how someone can have reasonable understanding of whether their details are in the public sphere or the private sphere. The time pressure for such work is high priority but it is important to not enter into hasty but not well thought out legislation.

Business Opportunities

There are significant business opportunities which come with Big Data. Providing information about yourself allows for a service like “Skype Translator” to serve you better. How much do we lose out if we cover ourselves from sharing of big data in matters of insurance for example – higher car insurance depending on your profile – lower for some others.

A recent study from ICD in March 2014 looked at 2000 mid-sized companies across all sectors and yielded the result that with the right business analytics they can improve their cost efficiency by 60%. That translates to better services for customers thanks to predictions based aggregation of data.

Big data is therefore not the problem, it is ethical data usage.

If you use a store card, the store knows everything about you and your purchases and probably more about your life. Advantages of big data are clearly wanted by consumers – an example of tracking of all cars on the road to avoid traffic jams.

Yet, it is expected that people in the streets, having a choice and having such choice explained, would probably prefer a higher standard of privacy. So there is a dichotomy between people’s wishes and the reality of their day to day decisions. The end users are not necessarily helped in choosing how their data is used.

Data Protection Laws

Whilst Data Protection laws might appear to be weaker in the US than in Europe, companies are encouraged to care for their customers by clearly explaining how their data is used, and enforcement is present through expensive fines. In the US, it is not uncommon for consumer organisations to fight in court – and that includes suing for non respect of legislation by governments. In Europe, fines for non respect of Data Protection laws are simply not impactful enough.

Traditional Telecom operators are all subjected to the same Data Protection laws. Representatives from several international operators shared the opinion that whilst they all benefited from analysing customer data, they all complied with data protection laws, something which non traditional telecom companies might not be subjected to as a result of their business.

It was convened that in Europe, the Article 29 working party’s work was very useful for companies collecting big data as it created a level playing field regarding competition and consumer protection and that the Directive ’95 should continue to be strengthened through more sophisticated means of self-regulation.

Finally, a discussion specific to one of the panellists involved the default handing of big data to governments either by a backdoor to the database or through continuous sharing of data. The panellist answered that they had never voluntarily disclosed data at any point, nor did they have any backdoor to their databases.


  1. Data protection laws like the ’95 directive are useful but ill-suited to big data because it requires individual identification of each piece of data in order to protect it;
  2. There should be ongoing work for the strengthening and improvement of this ’95 directive;
  3. Europe has stronger data protection laws but there is less ability to impose high fines than in the United States in case of breach. Thus laws have less of a deterrent effect;
  4. There is a huge potential for cloud and Big Data including gains for consumers and for the economy as a whole. Big data is accepted by consumers when it makes products less expensive or more suited to their use of the product, yet it needs to be kept in check;
  5. The problem is not Big Data itself, but the ethical use of Big Data.

Read the transcript here!