Blogs

Data protection principles bring big data benefits

Senior Policy Officer, Information Commissioner’s Office

Big data is not a game that’s played by different rules. If it involves personal data, data protection principles still apply.

That’s the view of the Information Commissioner’s Office (ICO). We’re the independent regulator for data protection in the United Kingdom, and we’re interested in big data when it involves collecting and analyzing personal data. We believe that data protection is an important part of big data—read about this stance and other views in our newest report.

Big data legal framework

data protection.jpgWe don’t accept that the volume, variety and velocity of big data means that data protection principles no longer apply. Those principles are about fairness, transparency and trust. Organizations need to make a realistic assessment of the benefits, understand how it will affect those whose data they’re utilizing and explain this to them, clearly. People are more willing to share data if they trust the organization.

That’s why, in the UK, there is a well-established legal framework for data protection (based on the current European Union directive). We believe that paying attention to data privacy is not just a compliance issue—it will also help organizations realize the true benefits of big data.

Consent

Big data is said to challenge the so-called “notice and consent” model. We believe that it makes organizations more innovative and connected to the producers of the data they utilize as they explain how this data will be used. The complexity of analytics should not become an excuse; it’s about explaining the purpose of the processing, not the algorithms.   

“Purpose limitation” is also said to be a barrier to big data. The real test is whether the (re)use is incompatible with the original purpose for which the data was obtained. If you’re going to use it for something completely different, something people would never have anticipated, then you need to tell them what you’re doing and, if necessary, obtain additional consent.

Anonymization

Personal data must be protected, and that is why anonymization (one of the tools in a Privacy by Design approach) is an important tool for mitigating risk and assuring people that their data will not be used in a way that identifies them. As more datasets become available, and analytics tools become more powerful, it becomes harder to say that data is truly anonymized. But that doesn’t mean that anonymization doesn’t work; the issue is whether data can be anonymized to the point where the chance of re-identification is extremely remote. Building appropriate privacy controls at the design stage will help to address this issue.

Responsibility and improvement for big data

It’s clear that big data highlights the need for good data management. Issues such as how the data was obtained, what consents were given, whether it identifies individuals and how long it should be stored are not just data protection issues, but part of data quality assurance as well. The risk of getting it wrong (which includes not just regulatory action, but also a tarnished business reputation) moves the responsibility for data management up to senior level in all organizations.

Download the paper to review some top tips to help organizations get it right. Let us know if you feel that we’ve covered today’s most relevant data protection issues, or if we’ve left out anything important. Other questions ready for your feedback are at the end of the paper. Contact me anytime with your thoughts, ideas and input.