This page contains a Flash digital edition of a book.
technology: big data 19


Big Data raises legal issues over data accuracy, protection and privacy


The immense volume and scale of information in the world is constantly, irrepressibly and inexorably growing. It is very easily collected, collated, processed and stored digitally. What is now possible is that increasingly innovative and sophisticated technologies can be applied to vast datasets for data mining, analysis and modelling, through interconnected powerful computers, for aggregation, processing and re-use. This, writes Rachel Burnett of Paris Smith, is what Big Data is all about


Big Data is used and exploited in all sectors: commerce, education, healthcare and government. For instance, the Government has an open data and transparency agenda for information sharing. It is making thousands of datasets easily available in the public domain, obtained from central government departments, local authorities and other public sector bodies, via http:// data.gov.uk/. The private sector uses Big Data for business strategies, product development, research and marketing. Businesses are increasingly using online behavioural advertising, with detailed analytics, targeting and profiling. There are major benefits for the businesses, and there are also advantages for the public as consumers, in the development of products and services that they want.


Big Data raises a number of legal issues, some controversial, including those concerning intellectual property rights, around regulated industries like financial services, in respect of problems caused by inaccurate or erroneous data – and particularly over data protection and privacy. The ongoing tension between the protection of individual privacy and the commercial exploitation of personal data is unresolved for Big Data as for other kinds of information. Individual rights and freedoms must be protected at the same time as permitting the free flow of data for economic functions.


The general principles of data protection law apply to all personal data, including personal data comprised in Big Data. For example, personal data must be accurate, held for no longer than necessary, and processed only for specified and lawful purposes.


The current concepts of transparency and obtaining explicit consent will remain important in the imminent modernisation of data protection law across the EU


THE BUSINESS MAGAZINE – SOLENT & SOUTH CENTRAL – MAY 2013


(and therefore the UK). The terms of the European Commission’s proposed General Data Protection Regulation are still being discussed. It is planned for implementation throughout member states over the next two or three years. New concepts are being introduced. One objective is for individuals to assume greater control over their own personal information. The concept of ’data portability’ will enable an individual’s personal data to be treated as that person’s property entitlement, to enable it to be copiable and electronically transmissible in a usable format for its owner. The proposed ’right to be forgotten’ will require personal data to be deleted when there is no necessity for the data to be retained.


Another objective is for controllers and users of personal data to be clearly responsible and accountable for its processing. They will have to incorporate ’Privacy by Design’ into their systems design early on, for privacy and security risks to be evaluated, minimised and managed from the stage of planning for new products and


services. ’Privacy impact assessments’ are another methodology by which organisations can identify and manage their privacy risks in collecting, processing and disclosing information by means of monitoring, review and assessment.


However, much of the value of Big Data processing technologies lies in the knowledge gained from aggregating and analysing patterns and trends, rather than in focusing on the activities, conduct, characteristics and preferences of identifiable individuals. Certainly the anonymisation of personal data is one way to avert the risk of privacy infringement. By anonymising data, individual identification should be eliminated, either for the data in isolation, or when cross-referenced with other data. Properly anonymised data is therefore not personal information, and can consequently be used without breaching data protection legislation.


There should be no way of combining anonymised datasets with other information (for example through matching against third party data) to enable re-identification. Skilled expertise should be utilised for effective anonymisation techniques, so that the risks of re-identification are remote.


The ongoing tension between the protection of individual privacy and the commercial exploitation of personal data is unresolved


The Information Commissioner’s Office (ICO), the regulator for personal data, has published a detailed code of practice for businesses (of over 100 pages): Anonymisation: managing data protection risk. It is also launching the Anonymisation Network, a consortium led by the University of Manchester, with the University of Southampton, the Office for National Statistics and the Open Data Institute, to provide advice and expertise on good practice related to anonymising data.


The ICO can impose fines and other sanctions for inadequate anonymisation and other breaches of data protection rules. The management of personal data used by an organisation, whether for its employees or customers, and whether for its marketing, sales or product research, covering any Big Data analytics, must be considered within its overall risk strategy especially in the scenario of forthcoming changes to data protection rules, in the UK and across the EU.


Details: Rachel Burnett 023-8048-2129 rachel.burnett@parissmith.co.uk www.parissmith.co.uk


www.businessmag.co.uk


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40