The use of Big Data: A Russian perspective of personal data security

This article examines the impact of Big Data technology on Russian citizens' constitutional rights to a private life. There are several laws in the Russian Federation covering data privacy and protection, but these are proving inadequate to protect the citizens' rights in the face of the ever-increasing use of massive data sets and their analysis by Big Data tools. One particular problem in this regard is that datasets of anonymised records currently not covered under personal data laws (because they do not identify individuals) can, in fact, be used to identify data subjects (the individuals to whom the data refers) when combined and analysed using Big Data tools. Furthermore, existing sanctions for misuse of personal data are minor, and often fail to act as a deterrent when the commercial benefits of exploiting user data (e.g. through targeted advertising) are so much greater. From the point of view of companies handling Big Data, a general confusion over definitions and responsibilities is making compliance with the law difficult, leaving most to come up with their own forms of best practice, rather than being able to follow clear industry recommendations. The article examines existing laws and oversight bodies, discusses how the current provisions are inadequate to deal with new developments in Big Data, and proposes recommendations for amending and updating existing laws and policies.