For commercial use of copyright-protected big data, it is usually a requirement to obtain the consent of the rights holder. It is important that information/data in itself is not covered by copyright law and hence the copyright restrictions do not apply to it.
As far as no purely anonymous data is used, but instead data that can partly be attributed to individuals, as is most often the case with big data, the general copyright laws should be assumed and applied, which do not allow the usage of such data.
Exceptions to this ban are certain laws of permission or alternately the consent of the person concerned. And then, you still have to additionally take into account, if these are general person related data sets or if they are location or traffic based.
Collection of general person related data
The collection and analysis of general personal data, i.e. individual details about personal and situational circumstances of a certain identifiable human being (name, address, email address, marital status, profession, ID number, insurance number, and telephone number) require the prior consent of the person concerned, except if a legal permit has been issued.
General personal data are first of all standard inventory data, i.e. those that are required for the establishment, content design, or amendment of a contractual relationship between the service provider and the person concerned, for example regarding the use of telecommunications services (e.g. name, age and address of the person concerned). Furthermore, they only use data necessary to allow access to tele-media and are required for their billing - such as for instance characteristics for the identification of the person concerned, information on the beginning and end of the contract as well as scope of the usage of the services.
As soon as such information lies outside of the actual purpose of the agreement in the context of big data analysis and applications and then used otherwise, the consent of all individuals is required – if you want to be on the safe side - or at least you will have to anonymize the data. But as in most cases, generalizations in data protection laws do not work most of the time. So it is better to be on the safe side.
Collection of traffic data
Collection of traffic data, i.e. data which is raised in the context of a telecommunications service (such as telecommunications service used, the number or the ID of the participating parties, personal permission IDs, credit card numbers used by the customer, any location data collected through the mobile phone, as well as the beginning and the end of the respective connection), may be used only with the consent of the person concerned. The processing of such data for marketing purposes also needs the consent of the affected participant. In addition, the data of the called party (the other side which cannot comply in practice) must be anonymized immediately.
Collection of location data
Collection of location data, i.e. data collected or used in a telecommunications network or a telecommunications service and that specify the location of the device of an end user of a publicly available telecommunications service, may be also only be used with the consent of the person concerned and only to the extent necessary for the function of the service collected and processed. In any other case, processing this data without consent is only possible, if the data have been anonymized.
The race for competitive advantages is definitely on and it is a race that has just started, considering all the data about customers available today. However, considering the current developments, ‘data law’ is emerging as a new area in its own right and will remain on our radar for the years to come, considering all the security trends and predictions included in Asian eMarketing’s January 2015 issue.