Iranian Journal of Trade Studies

Iranian Journal of Trade Studies

Personal Data within Big Data and Databases: Technical and Legal Challenges in the Enforcement and Separability of Data Subject Rights

Document Type : Research Paper

Authors
Amirmohammad Ghorbannia 1
Zahra Shakeri 2
1 Master’s Graduate in Private Law, University of Tehran, Tehran, Iran
2 Associate Professor, Faculty of Law and Political Science, University of Tehran, Tehran, Iran
10.22034/ijts.2026.2069496.4182
Abstract
With the expansion of data-driven technologies, personal data is increasingly collected, stored, and analyzed within big data systems and databases. These structures, designed to enable large-scale and intelligent information processing, provide substantial benefits for businesses but simultaneously generate fundamental challenges regarding data subject rights. In big data environments, data is gathered in massive, diverse, and interconnected forms, making the exercise of individual rights such as access, rectification, erasure, or portability highly difficult due to technical and structural barriers; isolating a single person’s data within such datasets often proves complex or even impossible. In company-owned databases, personal data is frequently treated as part of the informational assets, creating tensions between corporate intellectual property rights over the database and individuals’ privacy rights. The central question addressed in this article is what legal and technical challenges emerge at the intersection of big data and databases in safeguarding data subject rights, and how legal systems have responded. Using a descriptive-analytical method and based on library research, the study finds that big data remains subject to a significant regulatory gap, as most legal frameworks have yet to extend data protection obligations specifically to this context. Accordingly, enforcing data subject rights requires new regulations tailored to the distinctive features of big data. Regarding databases, intellectual property protection applies only to the design, structure, and organization of the database, while raw personal data remains subject to privacy and data protection regulations.
Keywords
Big Data
Databases
Data Subject Rights
Intellectual Property
Personal Data
Subjects
-  
-         Agh, Jeren. (2020). The impact of the GDPR on Big Data. Available at: (https://techgdpr.com/blog/impact-of-gdpr-on-big-data/). Visited 2025/07/12.
-         Alamzadeh, Mohammad & Farhadi, Danial & Taleghan Ghaffari, Mehdi. (2020). Comparative analysis of the relationship between intellectual property rights arising from pharmaceutical inventions and the right to health from the perspective of Iranian statutory laws and the TRIPS Agreement. Comparative Law Journal, 4(2), 103-117. Doi: 10.22080/lps.2021.20423.1212. [in Persian]
-         Article 29 Working Party. (2017a). Guidelines on the right to data portability 16/EN WP 242 rev.01. Available at: (https://ec.europa.eu/newsroom/article29/items/611233/en). Visited 2025/07/15.
-         Article 29 Working Party. (2017b). Guidelines on transparency under Regulation 2016/679, 2018/WP260 rev.01. Available at: (https://ec.europa.eu/newsroom/article29/items/622227/en). Visited 2025/07/15.
-         ASPE. (2018). To Big Data or Not: Determining the Use of Big Data. Available at: (https://aspe.hhs.gov/sites/default/files/migrated_legacy_files//192001/ToBigData.pdf). Visited 2025/07/14.
-         Attar, Shima. (2021). The Position of Data and Big Data in the Property and Ownership Law of Iran and France. PhD Dissertation. Faculty of Law, Allameh Tabataba’i University. Tehran. [in Persian]
-         Attar, Shima & Parvin, Farhad. (2021). European Union Law and the Challenge of Recognizing Ownership Rights over Data in the Age of Digital Economy. International Law Journal. 38(65), 281-304. Doi: 10.22066/cilamag.2021.245186. [in Persian]
-         Bakhtjoo, Ruhollah & Karimi, Abbas, (2019), New developments in the legal protection of trade secrets in the new 2016 European Union directive with a comparative study in Iranian law, Journal of Trade Studies, 23(90), 141-168. [in Persian]
-         Bayat, Farhad & Azmandian, Mohammad Sadegh. (2023). Startup Contracts with Emphasis on Intellectual Property Contracts. 1st ed. Dadbanan Dana. Tehran. [in Persian]
-         Big Data LDN. (n.d). The 3 Vs explained. Available at: (https://www.bigdataldn.com/en-gb/blog/data-engineering-platforms-architecture/big-data-the-3-vs-explained.html). Visited 2025/07/20.
-         Bozorgi, Vahid, (2018), An appropriate intellectual property rights system for developing countries: with some references to Iran, Journal of Trade Studies, 22(88), 115-154, [in Persian].
-         Čtvrtník, M. (2023). Data Minimisation—Storage Limitation—Archiving. In: Archives and Records. Palgrave Macmillan, Cham. Doi: 10.1007/978-3-031-18667-7_8.
-         Chancey, Tyler. (2024). Big Data Privacy Issues: Protect Your Data with Advanced Analytics and Security. Available at: (https://www.scarlettgroup.com/big-data-privacy-concerns). Visited 2025/07/13.
-         Di Martino, M. (2019). Personal information leakage by abusing the GDPR “Right of access”. In Proceedings of the Fifteenth USENIX Conference on Usable Privacy and Security (SOUPS’19), USENIX Association. USA.
-         Elmasri, R., & Navathe, S. B. (2015). Fundamentals of Database Systems. 7th ed. Pearson. London.
-         Europe. (n.d). Database protection. Available at: (https://europa.eu/youreurope/business/running-business/intellectual-property/database-protection/index_en.htm). Visited 2025/07/10.
-         European IP Helpdesk. (n.d). FAQs on Database Protection. Available at: (https://intellectual-property-helpdesk.ec.europa.eu/regional-helpdesks/european-ip-helpdesk/europe-frequently-asked-questions_en#Database_Protection_Domain_Protection). Visited 2025/07/12.
-         Farhadi, Mehdi & Tovstiga, George. (2010). Intellectual property management in M&A transactions. Journal of Strategy and Management. 3(1), 32-49. Doi: 10.2139/ssrn.1357332.
-         Gemma, Minero Alejandre. (2021). Ownership of Databases: Personal Data Protection and Intellectual Property Rights on Databases. European Review of Private Law. 5, 733-756. Doi: 10.54648/erpl2021039.
-         Gervais, Daniel J. (2007). The Protection of Databases. 82 Chicago-Kent Law Review, 1109-1168.
-         Ghorban nia, Amir Mohammad. (2024). Legal Status of Personal Data in the Event of Ownership and Company Mergers. Master’s Thesis. University of Tehran. [in Persian]
-         Graux, Hans. (2024). What is data ownership, and does it still matter under EU data law? Available at: (https://data.europa.eu/sites/default/files/report/What%20is%20data%20ownership%2C%20and%20does%20it%20still%20matter%20under%20EU%20data%20law.pdf). Visited 2025/07/12).
-         Informatica. (n.d). Big Data and Privacy: What It Is and What You Need to Know. Available at: (https://www.informatica.com/resources/articles/what-is-big-data-privacy.html). Visited 2025/07/10.
-         Jha, Anupama, Dave, Meenu & Supriya, Madan. (2017). Big Data Security and Privacy: A Review on Issues, Challenges and Privacy Preserving Methods. International Journal of Computer Applications. 177(4), 87-93. Doi: 10.47392/IRJASH.2025.011.
-         La Diega Noto, Guido & Sappa, Cristiana. (2020). The Internet of Things at the Intersection of Data Protection and Trade Secrets: Non-Conventional Paths to Counter Data Appropriation and Empower Consumers. European Journal of Consumer Law. 3, 419-458.
-         Motavalli, Mohammad Mehdi, Zahoori Aram, Reza & Almasi, Mehrdad. (2017). Big Data Management with Hadoop Ecosystem. 1st ed. Rastino. Tehran. [in Persian]
-         Moryl, Beata & Synowiec, Sebastian. (2024). What is Privacy by Design and Privacy by Default under the GDPR. Available at: (https://piwikpro.de/blog/privacy-by-design-und-privacy-by-default/). Visited 2025/07/12. [in German]
-         Nemati, Ehsan & Hosseini Moghadam, Seyed Hassan. (2020). A Comparative Study of Plagiarism in Iranian and European Union Law. Comparative Law Research Journal, 4(2), 180-199. Doi: 10.22080/lps.2020.18367.1169. [in Persian]
-         Pavlidis, G. (2024). Unlocking the black box: analysing the EU artificial intelligence act’s framework for explainability in AI. Law, Innovation and Technology. 16(1), 293-308. Doi: 10.1080/17579961.2024.2313795.
-         Radoń, Barbara Anna. (2015). Trade Secrets Protection for ‘Big Data’: Personal Data as Trade Secrets in the European Union. Master Thesis. MIPLC. Munich.
-         Robins, Martin B. (2008). Intellectual Property and Information Technology Due Diligence in Mergers and Acquisitions: A More Substantive Approach Needed. U. Ill. J. L. Tech. & Pol’y, 320-356.
-         Sadeghi, Mahmoud & Tahmasebi, Ali. (2007). An Introduction to Legal Protection of Database Creators. Fiqh and Law Journal. 4(13), 131-152. [in Persian]
-         Shakeri, Zahra and Haji Hosseini, Ali. (2019). Legal System Supporting Business Methods; Lessons for Startups, Journal of Business Research, 24(94), 75-105. [in Persian]
-         Trail. (2024). EU AI Act: How risk is classified. Available at: (https://www.trail-ml.com/blog/eu-ai-act-how-risk-is-classified). Visited 2025/07/25).
-         Velivela, Gopinath, Rao, Krishna, Challa, Yallamanda & Prakash, Purna. (2016). The Journey of Big Data: 3 V’s to 32 V’s. ISSN ONLINE. 5(3), 169-175.
-         Zhou, Lina, Pan, Shimei, Wang, Jianwu & Vasilakos, Athanasios V. (2017). Machine learning on big data: Opportunities and challenges. Neurocomputing. 237, 350-361. Doi: 10.1016/j.neucom.2017.01.026.
 
 

  • Receive Date 20 August 2025
  • Revise Date 06 May 2026
  • Accept Date 11 May 2026