Please be informed that the IPA offices will be closed Friday 4th August.
We will respond to you as soon as we return on Monday 7th August.

ICO publish report on big data

The Information Commissioner’s Office (ICO), the UK’s data protection regulator, has published a consultation paper on “big data” and how it fits within the UK’s privacy framework. The ICO believes “the emerging benefits of big data will be sustained by upholding key data protection principles and safeguards”. The consultation has been extended until 17th October.

26/09/2014

Download the paper here.

The ICO acknowledges that it is difficult to give a “watertight definition” of big data but suggests that it is a shorthand way of describing the features of certain data and how that data is processed. The Gartner IT glossary defines it as: “high volume, high velocity, high variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making. Perhaps not the clearest definition, but the emphasis is on high volume – huge datasets, high velocity – fast processing of those datasets, and high variety – datasets comprising data from a wide variety of sources.

Many instances of big data analytics do not involve processing personal data at all. Some do, however, using personal data from sources such as social media or loyalty cards and big data can, of course, be used to fine-tune offers of products/services to individuals based on their preferences or lifestyle. Big data analytics can also involve automated processing and s12 Data Protection Act 1998 (DPA) entitles individuals not to have decisions taken about them which significantly affect them that rely solely on automated means. It follows that, where personal data is being used in big data analytics, processors must ensure compliance with the DPA.

Says Richard Lindsay, Director of Legal & Public Affairs, IPA: “The paper reminds readers that one of the key data protection requirements under the DPA is that the processing of personal data is fair. Organisations must be transparent when collecting data and explain to data subjects how they intend to use their data. Similarly, if intending to repurpose personal data, organisations must ensure that the data subject is made aware of any new purpose.

“There is nothing particularly new or surprising in the paper. It is, though, a useful reminder to organisations that carry out big data analytics that they need to consider whether the data they are processing includes personal data and, if it does, that they comply with the DPA.”

Last updated 26/09/2014


Contact the IPA

ABCe audit Offical Webby Awards Honoree (2011, 2013)

Website, membership and content management software by Senior
Creative design by Igentics

The IPA
© 2017 IPA. All rights reserved. No part of this
site may be reproduced without our permission.