The Regulation of Personal and Non-Personal Data in the Context of Big Data


  • Daniar Supriyadi Tilburg Institute for Law, Technology and Society, Netherlands, Netherlands



Data protection laws provide minimum protections for personal data, as well as facilitate the free flow of such data, by setting out principles and rules for legitimate data processing. In the big data context, personal data may not be as easy to distinguish as in traditional data processing, and that makes policy-makers and businesses turn to the identifiability concept: in other words, what data are personal. This research is based on doctrinal legal researchon the legal theory (concepts, rules, and principles) concerning data protection in the EU and Indonesia. The results of the research show that the understand such paramount terminology in data protection law, relevant factors are presented to assess the direct or indirect identification of a natural person. In the EU data protection law, the test entails, for example, risk-based measures and technological development, whereas Indonesian law on data protection has not yet established such assessments. Data within big data operations traditionally falls under the scope of data protection laws only if it discloses the private life of individuals, such as names or other civil identities, but without further conditions to ascertain whether the data can be indirectly identified with an individual.


Acciarini, Chiara, Francesco Cappa, Paolo Boccardelli, and Raffaele Oriani, ‘How Can Organizations Leverage Big Data to Innovate Their Business Models? A Systematic Literature Review’, Technovation, In Press.May 2022 (2023), 102713

Agesilaou, Andria, and Eleni A. Kyza, ‘Whose Data Are They? Elementary School Students’ Conceptualization of Data Ownership and Privacy of Personal Digital Data’, International Journal of Child-Computer Interaction, 33 (2022)

Antusch, S., R. Custers, H. Marien, and H. Aarts, ‘Intentional Action and Limitation of Personal Autonomy. Do Restrictions of Action Selection Decrease the Sense of Agency?’, Consciousness and Cognition, 88.January (2021), 103076

Arkhipov, Vladislav, and Victor Naumov, ‘The Legal Definition of Personal Data in the Regulatory Environment of the Russian Federation: Between Formal Certainty and Technological Development’, Computer Law and Security Review, 32.6 (2016), 868–87

Bataineh, Ahmed Saleh, Rabeb Mizouni, Jamal Bentahar, and May El Barachi, ‘Toward Monetizing Personal Data: A Two-Sided Market Analysis’, Future Generation Computer Systems, 111 (2020), 435–59

Belen Saglam, Rahime, Jason R.C. Nurse, and Duncan Hodges, ‘Personal Information: Perceptions, Types and Evolution’, Journal of Information Security and Applications, 66.March (2022), 103163

Bolognini, Luca, and Camilla Bistolfi, ‘Pseudonymization and Impacts of Big (Personal/Anonymous) Data Processing in the Transition from the Directive 95/46/EC to the New EU General Data Protection Regulation’, Computer Law and Security Review, 33.2 (2017), 171–81

van den Broek, Tijs, and Anne Fleur van Veenstra, ‘Governance of Big Data Collaborations: How to Balance Regulatory Compliance and Disruptive Innovation’, Technological Forecasting and Social Change, 129.September 2017 (2018), 330–38

Burden, Kit, ‘EU Update’, Computer Law and Security Review, 33.6 (2017), 884–91

Chen, Zhiheng, Peiran Li, Yanxiu Jin, Yuan Jin, Jinyu Chen, Wenjing Li, and others, ‘Using Mobile Phone Big Data to Identify Inequity of Artificial Light at Night Exposure: A Case Study in Tokyo’, Cities, 128.May (2022), 3–5

Choi, Jay Pil, Doh Shin Jeon, and Byung Cheol Kim, ‘Privacy and Personal Data Collection with Information Externalities’, Journal of Public Economics, 173 (2019), 113–24

Chua, Hui Na, Jie Sheng Ooi, and Anthony Herbland, ‘The Effects of Different Personal Data Categories on Information Privacy Concern and Disclosure’, Computers and Security, 110 (2021), 102453

Clancy, Sian, Frank Owusu-Sekyere, Jake Shelley, Annalena Veltmaat, Alessandra De Maria, and Andrea Petróczi, ‘The Role of Personal Commitment to Integrity in Clean Sport and Anti-Doping’, Performance Enhancement and Health, 10.4 (2022)

Clarke, Roger, ‘Can Small Users Recover from the Cloud?’, Computer Law and Security Review, 33.6 (2017), 754–67

Cohen, Daniela, Anat Perry, Naama Mayseless, Oded Kleinmintz, and Simone G. Shamay-Tsoory, ‘The Role of Oxytocin in Implicit Personal Space Regulation: An FMRI Study’, Psychoneuroendocrinology, 91.February (2018), 206–15

Cui, Shujie, and Peng Qi, ‘The Legal Construction of Personal Information Protection and Privacy under the Chinese Civil Code’, Computer Law and Security Review, 41 (2021), 1–17

Custers, Bart, and Gianclaudio Malgieri, ‘Priceless Data: Why the EU Fundamental Right to Data Protection Is at Odds with Trade in Personal Data’, Computer Law and Security Review, 45 (2022), 105683

Cuzzocrea, Alfredo, Carson K. Leung, Anifat M. Olawoyin, and Edoardo Fadda, ‘Supporting Privacy-Preserving Big Data Analytics on Temporal Open Big Data’, Procedia Computer Science, 198.2021 (2021), 112–21

Daly, Angela, ‘Privacy in Automation: An Appraisal of the Emerging Australian Approach’, Computer Law and Security Review, 33.6 (2017), 836–46

Degnet, Mohammed B., Helena Hansson, Marjanke A. Hoogstra-Klein, and Anders Roos, ‘The Role of Personal Values and Personality Traits in Environmental Concern of Non-Industrial Private Forest Owners in Sweden’, Forest Policy and Economics, 141.May (2022)

Ding, Wenjie, and Li Chen, ‘Regulating the Use of Big Data: Justifications, Perspectives and the Chinese Way Forward’, Computer Law and Security Review, 46.100 (2022)

Elliot, Mark, Kieron O’Hara, Charles Raab, Christine M. O’Keefe, Elaine Mackey, Chris Dibben, and others, ‘Functional Anonymisation: Personal Data and the Data Environment’, Computer Law and Security Review, 34.2 (2018), 204–21

Erdos, David, ‘The UK and the EU Personal Data Framework after Brexit: A New Trade and Cooperation Partnership Grounded in Council of Europe Convention 108+?’, Computer Law and Security Review, 44 (2022), 1–17

Feng, Fei, Xia Wang, and Tianxiang Chen, ‘Analysis of the Attributes of Rights to Inferred Information and China’s Choice of Legal Regulation’, Computer Law and Security Review, 41 (2021)

Georgiadis, Georgios, and Geert Poels, ‘Towards a Privacy Impact Assessment Methodology to Support the Requirements of the General Data Protection Regulation in a Big Data Analytics Context: A Systematic Literature Review’, Computer Law and Security Review, 44 (2022)

Giacalone, M., D. C. Sinitò, M. V. Calciano, and V. Santarcangelo, ‘A Novel Big Data Approach for Record and Represent Compliance in the Covid-19 Era’, Big Data Research, 27 (2022)

Giancaspro, Mark, ‘Is a “Smart Contract†Really a Smart Idea? Insights from a Legal Perspective’, Computer Law and Security Review, 33.6 (2017), 825–35

Godoy, Jaqueline de, Kathrin Otrel-Cass, and Kristian Høyer Toft, ‘Transformations of Trust in Society: A Systematic Review of How Access to Big Data in Energy Systems Challenges Scandinavian Culture’, Energy and AI, 5.April (2021)

Hansson, Helena, and Jaap Sok, ‘Perceived Obstacles for Business Development: Construct Development and the Impact of Farmers’ Personal Values and Personality Profile in the Swedish Agricultural Context’, Journal of Rural Studies, 81.September 2020 (2021), 17–26

Hasanzadeh, Kamyar, Anna Kajosaari, Dan Häggman, and Marketta Kyttä, ‘A Context Sensitive Approach to Anonymizing Public Participation GIS Data: From Development to the Assessment of Anonymization Effects on Data Quality’, Computers, Environment and Urban Systems, 83.April (2020), 101513

Hassan, Shafiqul, Mohsin Dhali, Fazluz Zaman, and Muhammad Tanveer, ‘Big Data and Predictive Analytics in Healthcare in Bangladesh: Regulatory Challenges’, Heliyon, 7.6 (2021)

Helvacioglu, Asli Deniz, and Hanna Stakheyeva, ‘The Tale of Two Data Protection Regimes: The Analysis of the Recent Law Reform in Turkey in the Light of EU Novelties’, Computer Law and Security Review, 33.6 (2017), 811–24

Huang, Tao, and Yuan Zhao, ‘Revolution of Securities Law in the Internet Age: A Review on Equity Crowd-Funding’, Computer Law and Security Review, 33.6 (2017), 802–10

Jiang, Jinglin, Li Liao, Xi Lu, Zhengwei Wang, and Hongyu Xiang, ‘Deciphering Big Data in Consumer Credit Evaluation’, Journal of Empirical Finance, 62.August 2020 (2021), 28–45

Karjalainen, Tuulia, ‘The Battle of Power: Enforcing Data Protection Law against Companies Holding Data Power’, Computer Law and Security Review, 47.August 2018 (2022), 105742

Kennedy, Gabriela, ‘Asia Pacific News’, Computer Law and Security Review, 33.6 (2017), 896–904

Li, Yuanxin, and Darina Saxunová, ‘A Perspective on Categorizing Personal and Sensitive Data and the Analysis of Practical Protection Regulations’, Procedia Computer Science, 170 (2020), 1110–15

Lin, Zhengzheng, and Yanqin Jiang, ‘Character Strengths, Meaning in Life, Personal Goal, and Career Adaptability among Impoverished College Students: A Chain-Mediating Model’, Heliyon, 9.August 2022 (2023), e13232

Liu, Cheng yong, Ling Jan Chiou, Cheng chung Li, and Xiu Wen Ye, ‘Analysis of Beijing Tianjin Hebei Regional Credit System from the Perspective of Big Data Credit Reporting’, Journal of Visual Communication and Image Representation, 59 (2019), 300–308

Liu, Tianqi, Chukwunonso O. Aniagor, Marcel I. Ejimofor, Matthew C. Menkiti, Kuok Ho Daniel Tang, Bridgid Lai Fui Chin, and others, ‘Technologies for Removing Pharmaceuticals and Personal Care Products (PPCPs) from Aqueous Solutions: Recent Advances, Performances, Challenges and Recommendations for Improvements’, Journal of Molecular Liquids, 374 (2022), 121144

Liu, Yu li, Luyan Huang, Wenjia Yan, Xinghan Wang, and Ruochen Zhang, ‘Privacy in AI and the IoT: The Privacy Concerns of Smart Speaker Users and the Personal Information Protection Law in China’, Telecommunications Policy, 46.7 (2022), 102334

Liu, Yue, ‘User Control of Personal Information Concerning Mobile-App: Notice and Consent?’, Computer Law and Security Review, 30.5 (2014), 521–29

LIU, Zhao ge, Xiang yang LI, and Xiao han ZHU, ‘Scenario Modeling for Government Big Data Governance Decision-Making: Chinese Experience with Public Safety Services’, Information and Management, 59.3 (2022), 103622

Lu, Bingbin, ‘The Unique Chinese Legal Approach to Online Ad Blocking: Is It in the Right Direction?’, Computer Law and Security Review, 33.6 (2017), 786–801

Lubis, Muharman, and Dini Oktarina D. Handayani, ‘The Relationship of Personal Data Protection towards Internet Addiction: Cyber Crimes, Pornography and Reduced Physical Activity’, Procedia Computer Science, 197.2021 (2021), 151–61

Malgieri, Gianclaudio, and Bart Custers, ‘Pricing Privacy – the Right to Know the Value of Your Personal Data’, Computer Law and Security Review, 34.2 (2018), 289–303

Mantelero, Alessandro, ‘Regulating Big Data. The Guidelines of the Council of Europe in the Context of the European Data Protection Framework’, Computer Law and Security Review, 33.5 (2017), 584–602

Marinova, Galia, Aida Bitri, and Marsida Ibro, ‘The Role of Women in the Digital Age: Balancing Professional and Personal Challenges during the COVID-19 Pandemic’, IFAC-PapersOnLine, 54.13 (2021), 539–44

Marschlich, Sarah, and Diana Ingenhoff, ‘Stakeholder Engagement in a Multicultural Context: The Contribution of (Personal) Relationship Cultivation to Social Capital’, Public Relations Review, 47.4 (2021)

Mendelson, D., and D. Mendelson, ‘Legal Protections for Personal Health Information in the Age of Big Data – a Proposal for Regulatory Framework’, Ethics, Medicine and Public Health, 3.1 (2017), 37–55

Métayer, Daniel Le, Mathias Bossuet, Fanny Coudert, Claire Gayrel, Francisco Jaime, Christophe Jouvray, and others, ‘Interdisciplinarity in Practice: Challenges and Benefits for Privacy Research’, Computer Law and Security Review, 33.6 (2017), 864–69

Milkaite, Ingrida, Ralf De Wolf, Eva Lievens, Tom De Leyn, and Marijn Martens, ‘Children’s Reflections on Privacy and the Protection of Their Personal Data: A Child-Centric Approach to Data Protection Information Formats’, Children and Youth Services Review, 129.December 2020 (2021)

Mullins, Martin, Christopher P. Holland, and Martin Cunneen, ‘Creating Ethics Guidelines for Artificial Intelligence and Big Data Analytics Customers: The Case of the Consumer European Insurance Market’, Patterns, 2.10 (2021)

Oksas, Catherine, Julia Green Brody, Phil Brown, Katherine E. Boronow, Erin DeMicco, Annemarie Charlesworth, and others, ‘Perspectives of Peripartum People on Opportunities for Personal and Collective Action to Reduce Exposure to Everyday Chemicals: Focus Groups to Inform Exposure Report-Back’, Environmental Research, 212.December 2021 (2022)

Pantlin, Nick, ‘European National News’, Computer Law and Security Review, 33.6 (2017), 892–95

Papakonstantinou, Vagelis, and Paul de Hert, ‘Big Data Analytics in Electronic Communications: A Reality in Need of Granular Regulation (Even If This Includes an Interim Period of No Regulation at All)’, Computer Law and Security Review, 36.November 2015 (2020), 105397

Pauletto, Christian, ‘Options towards a Global Standard for the Protection of Individuals with Regard to the Processing of Personal Data’, Computer Law and Security Review, 40.3 (2021), 371–81

Perner, Petra, and Uwe Zscherpel, ‘Engineering Applications of Artificial Intelligence: Editorial’, Engineering Applications of Artificial Intelligence, 15.2 (2002), 121

Purtova, Nadezhda, ‘Default Entitlements in Personal Data in the Proposed Regulation: Informational Self-Determination off the Table. and Back on Again?’, Computer Law and Security Review, 30.1 (2014), 6–24

Rhahla, Mouna, Sahar Allegue, and Takoua Abdellatif, ‘Guidelines for GDPR Compliance in Big Data Systems’, Journal of Information Security and Applications, 61.June (2021)

Rubeis, Giovanni, ‘IHealth: The Ethics of Artificial Intelligence and Big Data in Mental Healthcare’, Internet Interventions, 28.August 2021 (2022), 100518

Savelyev, Alexander, ‘Russia’s New Personal Data Localization Regulations: A Step Forward or a Self-Imposed Sanction?’, Computer Law and Security Review, 32.1 (2016), 128–45

Shen, Yuncheng, Bing Guo, Yan Shen, Xuliang Duan, Xiangqian Dong, Hong Zhang, and others, ‘Personal Big Data Pricing Method Based on Differential Privacy’, Computers and Security, 113 (2022), 102529

Silva, Jesus, Darwin Solano, Claudia Fernandez, Ligia Romero, and Jesus Vargas Villa, ‘Privacy Preserving, Protection of Personal Data, and Big Data: A Review of the Colombia Case’, Procedia Computer Science, 151.2018 (2019), 1213–18

Steppe, Richard, ‘Online Price Discrimination and Personal Data: A General Data Protection Regulation Perspective’, Computer Law and Security Review, 33.6 (2017), 768–85

de Terwangne, Cécile, ‘Council of Europe Convention 108+: A Modernised International Treaty for the Protection of Personal Data’, Computer Law and Security Review, 40.July 2013 (2021), 3–4

Václav Jane ˇcek, ‘Ownership of Personal Data in the Internet of Václav Jane C’, Computer Law & Security Review, 34.2018 (2020), 1039–52

Valero, Cayetano, Jaime Pérez, Sonia Solera-cotanilla, Mario Vega-barbas, Guillermo Suarez-tangil, Manuel Alvarez-campana, and others, ‘Analysis of Security and Data Control in Smart Personal Assistants from the User’s Perspective’, Future Generation Computer Systems, 2023

Vellinga, Nynke E., ‘From the Testing to the Deployment of Self-Driving Cars: Legal Challenges to Policymakers on the Road Ahead’, Computer Law and Security Review, 33.6 (2017), 847–63

Wan, Yong, ‘Deep Linking Does Not Constitute a “Making Available to the Publicâ€: The Perspective of Beijing Intellectual Property Court’, Computer Law and Security Review, 33.6 (2017), 876–83

Warso, Zuzanna, ‘There’s More to It than Data Protection-Fundamental Rights, Privacy and the Personal/Household Exemption in the Digital Age’, Computer Law and Security Review, 29.5 (2013), 491–500

Wiltshire, Deborah, and Seraphim Alvanides, ‘Ensuring the Ethical Use of Big Data: Lessons from Secure Data Access’, Heliyon, 8.2 (2022), e08981

Wu, Yuehua, ‘Protecting Personal Data in E-Government: A Cross-Country Study’, Government Information Quarterly, 31.1 (2014), 150–59

Yu, Xiaolan, and Yun Zhao, ‘Dualism in Data Protection: Balancing the Right to Personal Data and the Data Property Right’, Computer Law and Security Review, 35.5 (2019), 1–11

Yuvaraj, Joshua, ‘How about Me? The Scope of Personal Information under the Australian Privacy Act 1988’, Computer Law and Security Review, 34.1 (2018), 47–66

Zhang, Chenguo, ‘“Sampling†Is Freedom of Art: The German Federal Constitutional Court Deliberates on the Acceptability of Music Sampling in the “Metall Auf Metall†Case’, Computer Law and Security Review, 33.6 (2017), 870–75

Zhang, Lu, ‘“Personal Information of Privacy Nature’â€under Chinese Civil Code’, Computer Law and Security Review, 43 (2021)

Zharova, Anna Konstantinovna, and Vladimir Mikhailovich Elin, ‘The Use of Big Data: A Russian Perspective of Personal Data Security’, Computer Law and Security Review, 33.4 (2017), 482–501

Zheng, Guan, ‘Trilemma and Tripartition: The Regulatory Paradigms of Cross-Border Personal Data Transfer in the EU, the U.S. and China’, Computer Law and Security Review, 43 (2021), 105610




Citation Check