0370 270 6000

Big data - dealing with the legal issues

27 January 2014

Recent developments in processing power and cloud computing means that the technology is now available, at low cost, to quickly analyse multiple sets of data from various disparate sources and in different formats and structures, in order to identify and predict future trends.

The ability to analyse this "big" data is likely to be the single biggest differentiator between competing businesses in the coming years.

There have been plenty of applications of it in use already, whether it be:

  • supermarkets analysing future Met Office forecasts to decide on lines of clothing to stock (potentially months in advance),
  • police forces analysing crime reports so as to deploy officers to sites at times when crimes are most likely to occur; or
  • investment banks seeking to identify the likely reaction of world markets to future events and to identify market trends.

Services that make use of "big data" are clearly very much in demand, not just by IT or marketing departments, but also in the board room as a key strategic tool for making sure customer needs are being met. There are some legal challenges however for those seeking to rely on big data:

The challenges

Those who would make use of the big promises that big data offers would be wise to consider the legal position in respect of the data they gather. Technology wont respect individual rights, but ignorance of those rights wont be enough to defend a claim or avoid a fine.

Avoiding data protection breaches - the limits of anonymity

Much of the promise of big data relates to the use of information about people, whether its their shopping habits, Facebook profiles, DNA or medical records. In detecting trends it may not be necessary to identify the individuals who contributed the data. Surely then the answer would be to anonymise the data, so that individual names are not captured, wouldnt it?

Sadly, recent case law suggests that its not so simple. Even if those collecting data are not linking it to any given individuals or are not aware of the individuals that submitted there may still be a breach of data protection legislation if the relevant individuals can be identified from the data itself. The smaller the number of samples, (or the more unusual the data), the higher the risk. Facebook profiles for instance might give sufficient information to allow someone to guess at the identity of an individual, whether or not a name or photograph is captured.

Breaches of personal data legislation can give rise to fines in various jurisdictions, including the UK. These fines are set to become more severe, with recently passed EU proposals set to increase the maximum to 5 of worldwide group turnover.

Anyone looking to collect or make use of big data should therefore make sure that the information gathered is not likely to breach relevant data protection legislation.

Dealing with IP rights and the "Ownership" of Data

Even where there is no personal data at stake, the way that that the law treats data is unusual. Whatever rights a contract might purport to give about the use of data (typically contracts offer very little by way of guarantees where data has been collected from multiple sources), the data itself may attract various layers of intellectual property rights, including copyright protection and database right. It may be sufficiently confidential to attract rights of confidence and/or be protectable as a trade mark or under the laws of passing off - any of which could give the original author a claim against someone using the data.

If this were not sufficiently complicated, different jurisdictions treat these intellectual property rights differently, meaning that data gathered from different countries may well attract different rights, allowing a French claim for privacy to succeed, where a claim from another jurisdiction might fail.

Again - use of big data, without respecting the IP or confidentiality rights that apply to that data could result in claims from those who first created or compiled it.

Getting the contract right

As with any contracts relating to data, the key thing is working out what youve got and what you can use it for. Can the data you hold be used for a particular purpose, within a particular territory or sector? Can it be combined with other data, licensed to third parties, used for a certain time only? Must it be returned on termination and (key if youre seeking a competitive advantage) are there any restrictions preventing it from being licensed to others in the sector?

As youd expect for data compiled from multiple sources, no warranties are typically given in respect of accuracy or reliability of the data or any conclusions reached as a result of its analysis - but being clear about the rights that have been considered in the collection of the data should put users in a better position to exploit the advantage of new technologies in the sector and to make the "big" differentiating changes that big data promises.

This article was first published in Data Centre Solutions

Focus on...


IR35 rules to be scrapped from April 2023

The Chancellor’s recent mini-budget provided a significant announcement for business as it was confirmed that the off-payroll working rules (known as “IR35”) put in place for public and private sector businesses from 2017 and 2021 will be scrapped from April 2023.


Press releases

Browne Jacobson advises Clean Power Hydrogen on latest international licensing deal with Kenera

Browne Jacobson’s specialist cleantech lawyers have advised AIM listed Clean Power Hydrogen Group Limited (CPH2) on its licence agreement with Bentec GmbH, a member of the Kenera business of the KCA Deutag Group. Kenera will manufacture CPH2’s unique membrane-free electrolysers from its facility in Bad Bentheim, Germany.


Press releases

Browne Jacobson’s specialist corporate finance lawyers advise LDC on sale of global IT services provider

Browne Jacobson’s corporate finance lawyers have advised leading mid-market private equity firm, LDC and management on the sale of specialist managed IT services provider, Littlefish to Bowmark Capital.


Legal updates

Digital Markets Act and Data Platforms - FRANDs for life?

The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.


Richard Nicholas

Richard Nicholas

Partner and Responsible for In House Lawyers

View profile