University of Hertfordshire

From the same journal


  • Henry Pearce
View graph of relations
Original languageEnglish
Pages (from-to)312-335
Number of pages24
JournalInformation and Communications Technology Law
Early online date2 Sep 2017
Publication statusPublished - 10 Sep 2017


This article considers the emergence of big data and how it poses considerable difficulties for the European Data Protection framework’s key enabling concept: the notion of personal data. The article starts by outlining the fact that there is an emerging body of opinion which suggests some of these problems might best be addressed by adopting a risk management-based model of personal data. This, it is argued, is suggestive of the emergence of a possible fusion between the disciplines of data protection law and risk management. The article contends, however, that there are several complications associated with the adoption of risk management-based regulatory strategies which have to date not been meaningfully explored in the legal and regulatory literature pertaining to data protection. Consequently, these are issues in need of address. Whilst not intending to counsel against the adoption of risk management-based regulatory strategies the aim of this article is to begin bridging the metaphorical “gap” between legal, regulatory, and risk research and management discourses, to stoke much-needed debate in this topical area. To this end, the article highlights several areas which are in need of further consideration, and where there will likely be possibilities for future inter-disciplinary research.


This is an Accepted Manuscript of an article published by Taylor & Francis in Information & Communications Technology Law on September 2017, available online: Under embargo. Embargo end date: 2 March 2019.

ID: 12414691