Today’s service providers, such as search engines, social networks, banks, eInvoicing and payment services, are collecting huge amounts of personal data for a variety of purposes. This so-called “Big Data” revolution brings a series of legal compliance issues. As a partner of IT law firm time.lex, I highlighted below the benefits, challenges and opportunities concerning Big Data smart compliance. Earlier this year, at the EPCA Payment Summit in Brussels, one of the key topics was Big Data. I talked about Big Data’s major legal aspects.


Big Data’s benefits

Big Data (sometimes also referred to as data “mining”) is the process of capturing, sorting, storing, analysing, presenting and using the ever-increasing huge amounts of personal data collected by a variety of public and private organisations. Businesses involved in various aspects of commerce, payments and financial services are keen to know about Big Data’s potential benefits for their activities.


In brief, Big Data has the potential to help merchants, Payment Service Providers (PSPs) and banks achieve three critical objectives:


1. To create a customer-focused enterprise that enables:

  • Predicting customer behaviour;
  • Cross-selling products and services to the customer;
  • Making a “contextual offer” to the customer.


2. To optimise enterprise risk management through:

  • Capital requirements;
  • Predicting and preventing fraud (like hacking and “phishing”) and improving security;
  • Reducing credit card fraud and so reducing internal costs.


3. To increase operational flexibility and streamlining.


What should be taken into account when launching a Big Data project in Europe?

The regulatory framework concerning Big Data is wide, including: the new general data protection regulation, the ePrivacy directive (cookies), and the Network Information Security “NIS” Directive or “cyber security directive”. Also, there is some “soft law” that has an impact, such as the opinions of the working party 29 concerning online behavioural advertising, on valid consent, on purpose limitation, and apps on smart devices. Merchants and PSPs must “mind the gap” when dealing with “sensitive data” such as financial data, medical data e.g. for insurance.


Also relevant are: security standards (such as in the European Central Bank’s recommendations), consumer protection law (black lists), legal obligations and compliance regarding Know Your Customer (KYC) and Anti-Money Laundering (AML) legislation and, in some cases, even outsourcing regulations.


I wrote more about big data’s legal and compliance challenges, so I invite you to learn more


For further information on the legal issues concerning Big Data please contact me at