Big data relies on collating huge amounts of information, much of it about individuals. Does that place a huge legal roadblock, in the form of privacy laws, in the way of big data projects?
Magnifying glass picture from Shutterstock
That issue was discussed in a presentation at the recent AIIA Navigating Big Data conference by Norton Rose Partner Nick Abrahams. Abrahams leads the AP tech practice for the firm, and he points out that big data projects invariably invoke privacy issues.
“In Australia we talk about giving people notice about what’s going to happen with their data,” he said. Big data changes that because you can’t predict the usage. “When you get big data sets, the way data is used is often way out of sync with what was originally expected to happen.”
“At a legal level, that’s quite challenging: who owns the data? You will own your own information, but you will give people the right to use it under certain terms. That’s how it works. Ownership at law doesn’t really work for data very well.”
Anonymisation may not be a solution either. “A lot of my clients talk about de-identification of data. Big data kind of runs across de-identification because the data sets are so immense. But there’s a challenge: are there so any data sets coming together so it’s easy to determine who that individual is?”
One reason to remain alter is that privacy laws have been strengthened in Australia this year. “Up until recently, there’s been very little ability for the government to seriously fine people for privacy breaches The Privacy Commissioner is significantly under-resourced. People have been able to ‘get away’ with privacy breaches. On a risk analysis, privacy fell quite low. Things are very different now.”
“The Privacy Commissioner can now impose very significant of $1.7 million a breach plus $300,000 for individuals. What we’ve seen in the past is that once the fines start getting up to a reasonable, amount, particularly the personal fines, that’s an easy way to get the attention of boards of directors and start to take it a bit more seriously.”
That doesn’t mean that all privacy law changes are relevant. “We’re now talking about the tort of privacy in Australia,” Abrahams said. “For most of us, for non-celebrities, that tort is not going to be available because we don’t suffer such significant damage. That is a remedy that is available to a tiny percentage of the population. For most of us privacy is just about how people are correlating our data.
For all that, Abrahams says common sense matters more than fine-grained legal principles. “When I think about privacy, I don’t think people are that concerned about marketing. What people are concerned about more is data breaches, and that their data is going to be looked after in a reasonably sensitive way and with a reasonable amount of technology.”
“It comes down to: If the individual knew how you were using that data, would they be upset? Many organisations are using data in ways that individuals don’t understand, but they don’t care if it’s giving them better service. What they hate is their data being sold.”