Much has been said about the huge market opportunities that “big data” represents for the IT industry, writes Hamish Corner of Penningtons Solicitors in Cambridge.
In the context of the internet, this requires new software techniques to enable unstructured internet-based data to be organised and analysed within a structured environment.
The trend is fuelled by numerous factors, including the staggering volume and velocity of internet-based data, the desire to track and predict customer behaviour, and the greater prominence of the cloud computing model to deliver IT services. Perhaps inevitably, questions arise about how and whether to protect personal data (including lifestyle preferences, website behaviour, posts, images and so on) of internet users.
For one thing, the preference of the private individual for small-memory handheld devices, combined with greater reliance on (and acceptance of) cloud-based storage solutions, means that much less information is stored and controlled locally by users. As this model of personal computing continues to develop, might it become increasingly difficult for one to keep track of personal data, or of how it is being used or indeed monetised by others?
Also, the way in which personal data is viewed seems to be shifting. It is true that many individuals who use the internet remain unaware of how their personal data and web presence are being utilised, or perhaps simply place an implicit level of trust in their service providers to handle their data appropriately. However, it also appears that many users of social media show little concern for the protection of their personal data, and indeed are entirely happy to share or even relinquish it. They understand the bargain proposed by social network providers, search engines and the like, and they agree to it.
Where does this leave the law? Like many areas where technology, intellectual property and the internet overlap, the position is not a particularly cohesive one. In part, this is an inescapable consequence of the pace of change. In this respect, the Data Protection Act has been supplemented in piecemeal fashion by numerous privacy and e-commerce laws, in order to address specific concerns, but nonetheless we are left with a rather fragmented picture.
Reforms in data protection law are on their way but they won’t come into effect in the UK until 2015 or 2016, in all likelihood. The proposals significantly increase the sanctions against non-compliant businesses. They also contain some major changes in how responsibility is allocated: for instance, explicit consent will be required for all data processing activities. Plus, there is a proposed “right to be forgotten”, under which an individual can require a business to erase all personal data it holds relating to that individual. How such a right would be effectively implemented and enforced remains to be seen.
The proposals therefore strengthen what is at the core of data protection law: that personal data is private, and ‘belongs’ to somebody, and as such must be respected and treated carefully. However, will the next generation of social media users see this as such a priority? More significantly, there seems to be a growing divergence between what the law mandates (namely, to protect and restrict personal data) and the models adopted by industry (namely, to create, profile and monetise personal data).
The growth in ‘big data’ analytics might well bring this into sharp focus, and one wonders whether the reforms will be fit for purpose by the time they are enacted.