Ugo Pagallo, The Legal Challenges of Big Data: Putting Secondary Rules First in the Field of EU Data Protection, European Data Protection Law Review, Volume 3 (2017), Issue 1, p. 36 – 46
Considerable attention has been devoted in recent years to studying the legal challenges associated with Big Data. The main emphasis – including in, but not limited to, the field of data protection – has been on the role and content of the primary rules of the system. This stance makes perfect sense: it places the focus on the norms that should govern social and individual behaviour in terms that range from individual consent and data minimisation, accuracy and purpose limitation, integrity and confidentiality, to the principles of lawfulness, fairness, and transparency, as enshrined in Article 5 of the EU General Data Protection Regulation (GDPR). Still, I argue here that it is time to widen our perspective to include not only the hard laws of EU governance, but also to consider the role played by the secondary rules of the law. At the same time, we must evaluate the intent of the law in governing the process of technological innovation and the different ways in which human and social behaviours can be regulated. This article examines four types of secondary rules at work with(in) the GDPR and attempts to show how the mechanisms and procedures of legal flexibility provided by such rules may shed light on the kinds of primary rules needed within the field of Big Data.