At a recent meeting I heard the expression ‘Data is the new Oil’ for the first time.
When you hear this, what does it conjure up in your mind?
Does it translate as data is the new oil of business?
The digital onslaught
It is hard not to have a business conversation without mentioning ‘digital’ and the new buzzwords are digital transformation and business transformation. I have not heard from anyone a convincing definition of what these mean.
What I have heard is the importance of data and how that can be transformative and I have personal experience of this. On one scale it can be the deep analysis of a small dataset that reveals new insights that support better decision-making through the analysis of a big dataset (Big Data) that can swamp you with riddles.
The ‘e’ fear
Just as oil has the ‘e’ fear where ‘e’ in this case is environment, so too does data has it’s ‘e’ fear being exploitation. There is huge debate that is growing in passion about data privacy (it affects everyone potentially and more so those that are online junkies) and how their personal data is exploited.
Fear not, your defender is the ICO
The Information Commissioners Office (ICO) is your defender and their documents may not be high on your must read list yet the contents provide reassurance that your privacy is important.
Politicians have stepped up to the mark in defence of privacy and the General Data Protection Regulation (GDPR) comes into force 25th May 2018 and the financial penalties under this regulation are greatly increased over those permissible under UK law today, being capped at £500,000. This has increased awareness of the importance of good governance in respect of processing and controlling data .
I sit on the board of the Federation Against Software Theft (FAST) and benefit from the expertise of people like Julian Hobbins General Counsel at FAST who writes a monthly bulletin on legal matters of interest to the IT software community. I copy below his latest bulletin and give full credit for his work.
Big data analytics and the ICO
“Big data analytics” – a concept so in vogue that the term has become a buzzword. Quick to point out that it is “no fad”, the Information Commissioner’s Office (ICO) last month published its second paper on the subject. The paper provides an illuminating discussion on some of the key issues surrounding big data and how it can be reconciled with data protection principles. However, before taking a look at this in more detail, it first seems necessary to clarify just what the term “big data analytics” means.
“Big data”, “AI” and “machine learning” are terms often used interchangeably. Although closely related concepts, there is a notable distinction.
Whilst there is no single definition, the term “big data” essentially refers to colossal datasets of real-time data from a multitude of sources. Its size and complexity means that it is difficult, if not impossible, to analyse using traditional data analysis methods.
“AI” or “artificial intelligence” refers to the computational power capable of intelligently analysing big data.
“Machine learning” is a phrase encompassing the range of intelligent techniques and tools that sit behind AI. These mechanisms (based on complicated algorithms) allow computers to “think”, adapt and respond autonomously accordingly to the data being processed. This means that computers can process and interpret big data with the insightfulness of a human (although not always through using the same anthropic rationale).
Together, these three terms are often referred to as ‘big data analytics” or simply “big data” and, for simplicity, these are the terms used throughout the remainder of this article.
Because big data analytics is such a sophisticated and complex approach to data processing, it has significant implications for data protection and privacy. It is therefore important to have an awareness of these implications whenever personal data is involved. Whilst the brevity of this update does not allow for an in depth look at the data protection implications of big data analytics, it does allow for a brief comment on some of the main points to take from the ICO report.
One of the key concerns flagged by the ICO is the possible conflict between big data analytics and the requirement for fair and transparent data processing. There is often a supposition that big data analytics is so sophisticated as to be somewhat shady or sinister.
The question of privacy
This therefore poses the question of whether big data analytics has an intrusive effect on individuals; for instance, where big data is processed for the purposes of automated profiling. In circumstances such as these – where big data is used in a way to make decisions affecting individuals – the ICO reminds organisations of the need to consider principles of fairness. Similarly, the ICO emphasises the importance of expectation and considering whether individuals could reasonably expect their data to be used in the ways that big data analytics facilitates.
The complexity of the machine learning underpinning big data analytics means that transparency is another key issue. Not only can the opacity of the processing create problems for individuals whose data is being used, it can also lead to difficulties when obtaining meaningful consent to the processing of personal data. This problem is further complicated due to the experimental nature of big data analytics, which means it is not always practical to give consent at the outset.
The matter of compliance
Whilst the above provides a flavour of some of the concerns discussed at length in the ICO report, it seems appropriate for this update to conclude by focusing attention on the overall stance of the ICO on the subject. However, before doing so, it is worth very briefly mentioning the number of “compliance tools” suggested by the ICO. These are measures, such as anonymisation, designed to help organisations comply with their data protection obligations in a big data context.
As the recommendation of these tools would suggest, the ICO is clear in its view that it is not a case of big data or data. Rather, the ICO endorses the view that big data is compatible with current data protection legislation. It also recognises and accepts the many commercial benefits of big data analytics across vast swathes of the public and private sector. Nevertheless, there is no denying that the volume, variety and complexity of big data present numerous problems for organisations that must adhere to legislative obligations.
The ICO’s focus is very much on how big data analytics and data protection can co-exist harmoniously. Data protection is not a blockade to big data analytics. Instead, a sensible, well managed and pragmatic approach is encouraged towards meeting data protection requirements and upholding key principles such as fairness and transparency.
How the ICO manages the tension between big data and the obligations on business to protect personal data under the GDPR will be one the ICO’s biggest challenges in the years ahead, especially after Brexit when the British Government will have greater freedom to legislate in this area. It is important for industry that the ICO, in managing that tension, does not implement the GDPR in such a way that it threatens to stifle innovation and the enormous potential commercial and social benefits that big data can deliver on.
A Big Read and I hope you found it informative.