Big data means big changes to global privacy legislation

Privacy is a human right, but it's also secondary to state interests. The key is to find a balance between protecting privacy and fostering innovation.
View the report Get in touch
Jessica Santos
Santos, Ph.D

Global Compliance and Quality Director, Health Division

Get in touch

As Big Data becomes an even more dominant force, global privacy legislation is at the forefront of protecting people’s privacy while effectively balancing pharma and healthcare organizations’ continual need to stretch the limits of innovation. With global privacy such a critical issue, we must first consider what is the principle of privacy? Privacy is a human right, privacy is a commodity, and privacy is secondary to state interests. However, considering that there isn’t any universal consistency on the principles of data protection or how personal data is handled, differences on how privacy is interpreted is largely based on the founding principles of individual countries and regions, which drives legislation and thus enforcement actions.

In the United States, there is no single, comprehensive federal law regulating the collection and use of personal data, however individual states are enacting privacy-related bills independently. In the EU, human dignity is recognised as an absolute, fundamental right. Considering this notion, privacy – or the right to a private life, to be autonomous, to be in control of information about one’s self, to be let alone – plays a pivotal role in EU privacy legislation. The EU’s new General Data Protection Regulation (GDPR) states that EU citizens’ personal data can only be transferred to countries with an “adequate” data protection status.

In the UK, while the country’s Brexit plans remain unclear, the Information Commissioner’s Office (ICO) is working to help businesses, particularly small and medium enterprises (SME), prepare for a possible no-deal Brexit. However, the government has made it clear that the GDPR will be absorbed into UK law at the point of exit, so there will be no substantive changes to the rules that most organizations need to follow. While in Brazil, which has been inspired by Europe’s GDPR, the country enacted its General Data Protection Law – Lei Geral de Proteção de Dados (LGPD) (Law 13,709/2018) – in August 2018. The law is expected to take effect in early 2020 after its 18th adaptation period.

The global privacy landscape will continue to evolve as multinational and regional organisations push ahead with their quest for data. Key questions include: how can we use data to gain insights into education, such as which schools do the best job of teaching low-income students? Or, with regards to health, such as which doctors provide the best care for a reasonable price? And, all this is expected while protecting people’s privacy. The intensity of privacy demands from consumers will rise in tandem with broadening privacy legislation and corporate big data capacities. In 2020 and beyond, this will likely result in some high-profile lawsuits based on this tension and the rebalancing of stakeholder relationships.

Get in touch