ABSTRACT
The current legal regime distinguishes between different types and categories of data. In general, the more personal, private and sensitive data are, the higher the level of protection provided. Among others, the legal regime differentiates between non-personal data and personal data, between metadata and content data and between non-sensitive and sensitive personal data. This chapter provides three reasons why these legal categories may become redundant in the age of Big Data. First, it suggests that categorising data only works when the status of the data is relatively stable, while in the current and future technological environment, their nature will be highly volatile. Second, it suggests that categorising data only works when it is possible to determine with relative certainty in which category data fall, while this will be ever more difficult because the sensitivity of the data is less and less a quality of the data and more and more a result of the efforts invested by parties having access to the data. Third, it suggests that the underlying rationale for laying down different regimes of protection for different categories of data may become redundant, because metadata can be just as or even more revealing than content communication data, personal data may reveal more sensitive aspects of people’s lives than sensitive personal data and aggregated data may be used in ways that have a bigger impact on people than the use of identifying data. Finally, this chapter suggests that this means that the status of data is not the right starting point for future legal regulation and that as long as the status of data is taken as a starting point for regulation, a strong regime should govern the processing of non-personal, non-sensitive and aggregated data in order to protect the interests of citizens.
