GDPR 및 OECD권고 하에서의 빅데이터의 가능성

Possibility of big data depends upon linkage of diverse databases. Liking a database previously created for a purpose to another database created for a different purpose by definition constitutes "further processing" which in principle requires consent of all the data subjects. Such consent requirement is not only unrealistic but the post-consent database will be biased in favor of the willing data subjects and therefore will have very low research value. Laws including GDPR are allowing therefore data linkage through pseudonymization where pseudonymized data is anonymous to those not holding the re-identification keys. The rule is that no one person or processor has both the linked data and the key. The Trusted Third Party method, for instance, has a trusted third party send the pseudonymization algorithm to the two database processors who then pseudonymize respective databases and send only the attributes to one place for linkage where the linked database is used only for approved purposes in secure environment where data cannot be taken out. UK, Germany, and Netherlands are following this method to allow data linkage. Most importantly, OECD recommends and provides guidelines for promoting linkage of most sensitive data, that is, health data whereby even profi-motivated researchers can receive data linkage services.