All the ongoing proposals for a reform of data protection regulations, both in the U.S. and Europe, are still focused on the purpose limitation principle and the “notice and choice” model. This approach is inadequate in the present Big Data context. The paper suggests a revision of the existing model and proposes the provision of a subset of rules for Big Data processing, which is based on the opt-out model and on a deeper level of control by data protection authorities
