The Idea of ‘Emergent Properties’ in Data Privacy: Towards a Holistic Approach

ERN: Other Econometrics: Data Collection & Data Estimation Methodology (Topic) Pub Date : 2017-02-15 DOI:10.1093/ijlit/eaw015

S. Esayas

{"title":"The Idea of ‘Emergent Properties’ in Data Privacy: Towards a Holistic Approach","authors":"S. Esayas","doi":"10.1093/ijlit/eaw015","DOIUrl":null,"url":null,"abstract":"‘The whole is more than the sum of its parts.’ \nThis article applies lessons from the concept of ‘emergent properties’ in systems thinking to data privacy law. This concept, rooted in the Aristotelian dictum ‘the whole is more than the sum of its parts’, where the ‘whole’ represents the ‘emergent property’, allows systems engineers to look beyond the properties of individual components of a system and understand the system as a single complex. Applying this concept, the article argues that the current EU data privacy rules focus on individual processing activity based on a specific and legitimate purpose, with little or no attention to the totality of the processing activities – i.e. the whole – based on separate purposes. This implies that when an entity processes personal data for multiple purposes, each processing must comply with the data privacy principles separately, in light of the specific purpose and the relevant legal basis. \nThis (atomized) approach is premised on two underlying assumptions: \n(i) distinguishing among different processing activities and relating every piece of personal data to a particular processing is possible, and \n(ii) if each processing is compliant, the data privacy rights of individuals are not endangered. \nHowever, these assumptions are untenable in an era where companies process personal data for a panoply of purposes, where almost all processing generates personal data and where data are combined across several processing activities. These practices blur the lines between different processing activities and complicate attributing every piece of data to a particular processing. Moreover, when entities engage in these practices, there are privacy interests independent of and/or in combination with the individual processing activities. Informed by the discussion about emergent property, the article calls for a holistic approach with enhanced responsibility for certain actors based on the totality of the processing activities and data aggregation practices.","PeriodicalId":384078,"journal":{"name":"ERN: Other Econometrics: Data Collection & Data Estimation Methodology (Topic)","volume":"18 4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ERN: Other Econometrics: Data Collection & Data Estimation Methodology (Topic)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1093/ijlit/eaw015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

‘The whole is more than the sum of its parts.’ This article applies lessons from the concept of ‘emergent properties’ in systems thinking to data privacy law. This concept, rooted in the Aristotelian dictum ‘the whole is more than the sum of its parts’, where the ‘whole’ represents the ‘emergent property’, allows systems engineers to look beyond the properties of individual components of a system and understand the system as a single complex. Applying this concept, the article argues that the current EU data privacy rules focus on individual processing activity based on a specific and legitimate purpose, with little or no attention to the totality of the processing activities – i.e. the whole – based on separate purposes. This implies that when an entity processes personal data for multiple purposes, each processing must comply with the data privacy principles separately, in light of the specific purpose and the relevant legal basis. This (atomized) approach is premised on two underlying assumptions: (i) distinguishing among different processing activities and relating every piece of personal data to a particular processing is possible, and (ii) if each processing is compliant, the data privacy rights of individuals are not endangered. However, these assumptions are untenable in an era where companies process personal data for a panoply of purposes, where almost all processing generates personal data and where data are combined across several processing activities. These practices blur the lines between different processing activities and complicate attributing every piece of data to a particular processing. Moreover, when entities engage in these practices, there are privacy interests independent of and/or in combination with the individual processing activities. Informed by the discussion about emergent property, the article calls for a holistic approach with enhanced responsibility for certain actors based on the totality of the processing activities and data aggregation practices.

查看原文本刊更多论文

数据隐私中的“涌现属性”概念:迈向整体方法

“整体大于各部分的总和。本文将系统思维中的“涌现属性”概念应用到数据隐私法中。这个概念根植于亚里士多德的格言“整体大于部分的总和”，其中“整体”代表“涌现属性”，允许系统工程师超越系统单个组件的属性，并将系统理解为一个单一的综合体。运用这一概念，文章认为，当前的欧盟数据隐私规则侧重于基于特定和合法目的的个人处理活动，很少或根本没有关注基于单独目的的处理活动的总体-即整体。这意味着，当一个实体出于多种目的处理个人数据时，每次处理都必须根据具体目的和相关法律依据，分别遵守数据隐私原则。这种(原子化的)方法以两个基本假设为前提:(i)区分不同的处理活动并将每个个人数据与特定处理联系起来是可能的;(ii)如果每个处理都是合规的，则个人的数据隐私权不会受到威胁。然而，这些假设在一个公司处理个人数据的时代是站不住脚的，在这个时代，几乎所有的处理都会产生个人数据，并且数据是跨几个处理活动组合在一起的。这些实践模糊了不同处理活动之间的界限，并使将每个数据块归因于特定处理变得复杂。此外，当实体从事这些实践时，存在独立于个人处理活动和/或与个人处理活动相结合的隐私利益。通过对紧急属性的讨论，本文呼吁采用一种整体方法，在处理活动和数据聚合实践的总体基础上增强对某些参与者的责任。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ERN: Other Econometrics: Data Collection & Data Estimation Methodology (Topic)

自引率

0.00%

发文量