Out-Law / Your Daily Need-To-Know

Out-Law News 4 min. read

Better use of 'big data' can boost UK productivity, but privacy issues must be addressed, say MPs


UPDATED: Companies are not fully exploiting the data that they have access to and this has "massive" implications for the performance of the UK economy, a committee of MPs has said.

The Science and Technology Committee said it is estimated that most companies only analyse 12% of their data. It said "data-driver companies" are "10% more productive than those that do not operationalise their data".

In its report, however, the committee highlighted data protection issues that organisations need to be aware of when seeking to harness personal data. The UK government and businesses must tackle the "distrust arising from concerns about privacy and security … if the full value of big data is to be realised", it said.

"Businesses and governments that communicate most effectively with the public, giving the citizen greater control in their data transactions by using simple and layered privacy notices to empower the consumer to decide exactly how far they are willing to trust each data-holder they engage with, will gain a huge commercial and societal advantage," the committee said.

"Although the length of a privacy notice will be dictated by the service or data application involved, it should be best practice to draft them as simply as possible. Furthermore, if informed, freely given consent must be the bedrock of a trusting relationship between a consumer and a data-holder, then it must always be part of that deal that consent freely given can also be freely withdrawn," it said.

The UK's Information Commissioner's Office (ICO) recently opened a consultation on a proposed new privacy notices code of practice for organisations. The draft code advocates a "blended approach" to informing consumers about how they intend to use their personal data and provides guidance on how to remain compliant with data privacy rules when engaging with consumers via mobile devices and other digital channels.

In its report, the committee said the ICO's powers to compel some public bodies to participate in data protection audits should be extended to apply them to local authorities. It also said that criminal penalties for data protection breaches should be extended so that people that breach the Data Protection Act can face imprisonment in the most serious of instances. The ICO has long been campaigning on the issue.

The UK government is due to outline a new five year digital strategy early this year. It held a consultation on the issue in January. The Science and Technology Committee said that government should "set out its anonymisation strategy for big data" within the broader digital strategy paper.

The committee said that EU's General Data Protection Regulation (GDPR) "appears to leave it open for data to be re-used, and potentially de-anonymised, if 'legitimate interests' or 'public interest' considerations are invoked" and that this raises the question of how to best to balance "the potential benefits of processing data … and people’s justified privacy concerns".

It is "unsatisfactory" for the government not to address the matter, so it should set out "a clear public-policy position", the committee said.

"The government should therefore clarify its interpretation of the EU Regulation on the re-use and de-anonymisation of personal data, and after consultation introduce changes to the Data Protection Act 1998 as soon as possible to strike a transparent and appropriate balance between the benefits of processing data and respecting people’s privacy concerns," the committee said.

"Given the UK’s leading position in big data and the government’s stated commitment to capitalise on the potential innovation and research opportunities it promises, the government should establish a Council of Data Ethics within the Alan Turing Institute as a means of addressing the growing legal and ethical challenges associated with balancing privacy, anonymisation, security and public benefit. Ensuring that such a Council is established, with appropriate terms of reference, offers the clarity, stability and direction which has so far been lacking from the European debate on data issues," it said.

Data protection law expert Marc Dautlich of Pinsent Masons, the law firm behind Out-Law.com, said: "It would be good to see a joined up approach and understand how the proposal for a new Council of data Ethics would fit with existing initiatives such as the UK Anonymisation Network, which was set up when the ICO outlined its anonymisation code of practice, and the work of sector-specific bodies like the Nuffield Council on Bioethics. It is welcome that the Science and Technology Committee has called on the government to help raise businesses' engagement with the UK Anonymisation Network in its report."

The Science and Technology Committee said that a "data protection kitemark" developed by the ICO could help flag good practice on data privacy. It said both the government and ICO "should work with industry to ensure that the UK’s already developed kitemark is adopted as soon as possible, and initiate a campaign to raise public awareness of it".

The ICO has previously outlined plans to support a 'privacy seals' initiative to endorse certification schemes that highlight good privacy practices by organisations.

A spokesperson for the ICO told Out-Law.com that the committee's claim that the 'data protection kitemark' is ready to use now is inaccurate. In its February newsletter, the ICO said that it is "currently conducting independent consumer research into logo designs and names as well as developing a marketing strategy" and that businesses can expect more news "over the next few months".

The committee called on the government to make more "publicly-funded infrastructure and expertise" available to businesses and to take steps to address the "digital skills gap", which it said is "approaching crisis levels". The lack of digital skills has implications for the success of the UK economy and for data security, it warned.

The government should also expand its plans for making it easier for organisations to access government data, the committee said. It said steps should be taken to help improve access to "real-time" data and that the government should "establish a framework … for auditing the quality of data within government departments amenable for big data applications, and for pro-actively identifying data sharing opportunities to break departmental data silos".

Editors note 12/02/2016: This story has been updated to clarify the position in relation to the ICO's privacy 'seals'.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.