or gender of a person. The same may be true for attributes like profession (there
are still very few female airline pilots or males working as an obstetrician) or
zip code (some neighborhoods are predominantly 'black' whereas others are
The use of data mining may further increase the possibilities of predicting
sensitive characteristics. From a legal perspective, no employer looking for a new
employee is allowed to ask for these characteristics and no job applicant must
provide them, but it is obvious that anti-discrimination legislation is extremely
difficult to enforce nonetheless. The point here is that hiding particular
characteristics is not sufficient. In fact, research has shown that leaving sensitive
data like ethnic background and gender out of a database may still yield
discriminatory data mining results. 11,12
In summary, using what is considered today to be anonymous data does not
properly resolve concerns related to both privacy and anti-discrimination, as data
may sooner or later be ascribed to individuals again. 13 In fact, when particularly
identifying characteristics, such as name, address, and social security number, are
missing, data mining technologies and database coupling may also be used to
predict the missing characteristics. Deleting sensitive data from databases does not
work either, as these sensitive characteristics may also be predicted. Prohibiting
data mining (a radical measure) is not realistic given the enormous amounts of
data we are facing in our information society, as it would imply less insight in and
overview of the data available. Thus, relying on anonymity as a solution to both
privacy and discrimination concerns is problematic. It is difficult to achieve given
technological advances and even if achieved many of the concerns will still
manifest. Note, though, that anonymity can be an objective of its own. Therefore,
anonymity can be very important, for instance, in a context without data mining
and profiling, but may be insufficient in other contexts, particularly when data
mining and profiling are used.
19.1.3 The Failure of Purpose Specification
In order to protect data subjects from collecting and using personal data very
broadly, there is a strong focus on purpose specification in European data
protection legislation. The purpose specification principle states that the purposes
for which personal data are collected should be specified and that the data may
only be used for these purposes. 14 This principle is included in the Treaty of
Strasbourg (art. 5b and 5e) and the EU Data Protection Directive 15 (art. 6.1b, 10
11 Verwer and Calders. (2010).
12 Pedreschi, D., Ruggieri, S., and Turini F. (2008).
13 Ohm, P. (2010).
14 See the 1980 principles for fair information processing developed by the Organization for
Economic Co-operation and Development (OECD).
15 Directive 95/46/EC of the European Parliament and of the Council on the protection of
individuals with regard to the processing of personal data and on the free movement of
such data, passed 2 February 1995.