Database Reference
In-Depth Information
processing is incompatible with the original purpose. This provision prohibits the
so called function creep of data processing, which signifies the tendency to use al-
ready collected data, either by governments or by market parties, for all kinds of
purposes and functions not originally intended. The third principle of quality re-
stricts the processing of data to one specified sphere, namely the context of and
purpose for which the data were originally gathered.
Finally, the Data Protection Directive contains a restriction on the use of
personal data and on making of decisions on the basis of such data. The limitation
regards decisions which produce legal effects concerning a person or that signifi-
cantly affect him, which are based solely on the automated processing of data and
which are intended to evaluate certain personal aspects relating to him, such as his
performance at work, creditworthiness, reliability, conduct, etc. Such automated
decision making, which is quite common in data mining processes, entails the
danger of reducing a person to a number and so undermines his individuality and
his autonomy. This is partially overcome by granting the data subject the right to
knowledge of the logic involved in any automatic processing of data concerning
him.
48
However, this leaves the problem that automatic, computer based analyses
and decisions tend to be viewed by humans as absolute and that the data mining
process and the outcome thereof only seldom take into account particular contexts
and specific individual characteristics.
49
This risk of contextually detached deci-
sion-making is addressed in the directive by granting the individual the right to
object to automatic processed decisions, thus granting him the right to be indivi-
dually judged by another human.
50
From these existing provisions, a more coherent approach to data mini
mum
miza-
tion can be developed. Four data mini
mum
mization principles can be distinguished,
relating to the four stages of knowledge discovery in databases distinguished in the
section two.
1.
Gathering data: firstly, metadata should be registered and conserved about
which data was gathered where and when. This makes it easier to assess for ex-
ample whether databases are tilted towards criminal activities by minorities due
to an over analysis of certain neighborhoods. Furthermore, the methodology of
the process of obtaining the data, among others what data was gathered, by
whom and how, should be incorporated in the metadata as well. Finally, the
purpose for the gathering of data must be clear.
2.
Storing data: the data gathered in the databases should be both accurate and
complete. This means for example that relevant contextual data, which are vital
for the correct assessment of gathered data, should be incorporated and clus-
tered in the database. This preserves the context of the data in the further course
of the data mining process. Attached to this cluster of information should be the
metadata described in the previous point. Furthermore, the gathered data must
be kept up to date on a regular basis. Finally, decisions on categorisation and
48
Article 12 DPD.
49
Com(90) final - syn 287 and 288, Brussels, 13 September 1990. Com(92) 422 final -
Syn 287, Brussels, 15 October 1992.
50
Article 15 DPD.
Search WWH ::
Custom Search