Harms arising from digital data use in the big data context are often systemic and cannot always be captured by linear cause and effect. Individual data subjects and third parties can bear the main downstream costs arising from increasingly complex forms of data uses-without being able to trace the exact data flows. Because current regulatory frameworks do not adequately address this situation, we propose a move towards harm mitigation tools to complement existing legal remedies. In this article, we make a normative and practical case for why individuals should be offered support in such contexts and how harm mitigation tools can achieve this. We put forward the idea of 'Harm Mitigation Bodies' (HMBs), which people could turn to when they feel they were harmed by data use but do not qualify for legal remedies, or where existing legal remedies do not address their specific circumstances. HMBs would help to obtain a better understanding of the nature, severity, and frequency of harms occurring from both lawful and unlawful data use, and they could also provide financial support in some cases. We set out the role and form of these HMBs for the first time in this article.
Keywords: Big Data; Biomedical data; Collective responsibility and oversight; Data governance; GDPR; Harm mitigation.
© The Author(s) 2019. Published by Oxford University Press.