A Process-Based Approach to Informational Privacy and the Case of Big Medical Data


A Process-Based Approach to Informational Privacy and the Case of Big Medical Data

Room 920, Level 9,
Melbourne Law School
185 Pelham Street


Data protection law has a linear logic, in that it purports to trace the lifecycle of personal data from creation to collection, processing, transfer and ultimately its demise, and to regulate each step so as to promote the data subject’s control. Big data defies this linear logic, in that it decontextualises data from its original environment and conducts an algorithmic nonlinear mix, match and mine analysis. Applying data protection law to the processing of big data does not work well, to say the least.

This seminar discusses the case of big medical data. A survey of emerging research practices indicates that studies either ignore data protection law altogether or assume an ex post position, namely that because they are conducted after the data has already been created in the course of providing medical care, and they use de-identified data, they go under the radar of data protection law. These studies focus on the end-point of the lifecycle of big data: if sufficiently anonymous at publication, the previous steps are overlooked, on the claim that they enjoy immunity. This seminar argues that this answer is too crude.

To portray data protection law in its best light, we should view it as a process-based attempt to equip data subjects with some power to control personal data about them, in all phases of data processing. Such control reflects the underlying justification of data protection law as an implementation of human dignity. The process-based approach fits current legal practices and is justified by reflecting dignitarian conceptions of informational privacy.


  • Professor Michael Birnhack
    Professor Michael Birnhack, Associate Dean (Research)