The extensive collection and processing of personal information in big data
analytics has given rise to serious privacy concerns, related to wide-scale
electronic surveillance, profiling, and disclosure of private data. To reap the
benefits of analytics without invading the individuals' private sphere, it is
essential to draw the limits of big data processing and integrate data
protection safeguards in the analytics value chain. ENISA, with the current
report, supports this approach and the position that the challenges of
technology (for big data) should be addressed by the opportunities of
technology (for privacy).
We first explain the need to shift from "big data versus privacy" to "big
data with privacy". In this respect, the concept of privacy by design is key to
identifying the privacy requirements early in the big data analytics value chain
and to subsequently implementing the necessary technical and organizational
measures.
After an analysis of the proposed privacy by design strategies in the
different phases of the big data value chain, we review privacy enhancing
technologies of special interest for the current and future big data landscape.
In particular, we discuss anonymization, the "traditional" analytics technique,
the emerging area of encrypted search and privacy preserving computations,
granular access control mechanisms, policy enforcement and accountability, as
well as data provenance issues. Moreover, new transparency and access tools in
big data are explored, together with techniques for user empowerment and
control.
Achieving "big data with privacy" is no easy task and a lot of research and
implementation is still needed. Yet, it remains a possible task, as long as all
the involved stakeholders take the necessary steps to integrate privacy and
data protection safeguards in the heart of big data, by design and by default.