With Big Data-related excitement on the verge of finally reaching a crescendo, many market analysts are forecasting gargantuan outlays. But, as more organizations begin to explore the potential of Big Data Analytics in greater depth, many practical and moral challenges will further emerge, requiring our attention. With Big Data, comes big responsibility An ABI Research report, Big Data Spending to Reach $114 Billion in 2018; Look for Machine Learning to Drive Analytics, predicted that the worldwide market for Big Data related hardware, software and professional services would reach $30 billion by the end of 2014, experiencing a staggering Compound Annual Growth Rate (CAGR) of 30% through to 2018 where the total market size would reach $114 billion. Wikibon’s Big Data Vendor Revenue and Market Forecast 2013 – 2017 report supports those figures, projecting the Big Data market to be worth around $28.5 billion by the conclusion of 2014, climbing to $50.1 billion by the end of 2015. To put that into perspective, IDC estimates that the Big Data market will experience a growth rate six times higher than the rest of the global IT market. Furthermore, according to a 2014 Big Data research study conducted by IDG Enterprise – Big Data: Growing Trends and Emerging Opportunities, the ‘average’ company intends to spend $8 million on Big Data related initiatives this year. Results, based on 751 respondents, also indicated that 49 percent of survey participants had already implemented a Big Data project. Organizations were also anticipating an average 76 percent increase in the amount of data they had to manage for the purposes of reporting and analytics within the next 12 months. But while we’re already feeling the positive affects of Gartner’s late 2012 prediction that by 2015 4.4 million IT jobs would be created globally to support the Big Data ‘revolution’ (generating 1.9 million IT jobs in the United States), many are yet to consider the legal and moral implications. Will the continued exploration of Big Data lead to big legal problems? As the Big Data movement has gathered momentum, privacy has become an increasingly prevalent issue. An opinion piece compiled for ComputerWeekly.com by Kim Walker, partner at UK-based law firm Thomas Eggar, discussed some of the legal quandaries surrounding organizations’ eagerness to exploit Big Data. In her Big data, big legal trouble? article, Walker cited social platforms, such as Google and LinkedIn, which “have created a revenue stream from the data collected by supplying businesses, individuals and public institutions with an insight into the behavioral patterns of their target audiences.” Keep it anonymous According to Walker, one of the best ways for organizations such as Google or LinkedIn – looking to harness consumer data for corporate purposes – to circumnavigate data protection and privacy issues, and bypass the need to obtain subject consent, is to ensure that any data used is anonymous. Walker said that guidelines from the Information Commissioner’s Office (ICO) include a Code of Practice on Anonymity, which is aimed at helping companies manage risk. Verify the source and identify licensing terms Walker added that is was paramount for organizations to check the source of any data intended for use in any business analytics project, noting that: “Unless specifically released as open data, most data sets will be subject to some controls in relation to their use. A business should identify any license terms on which data is supplied and use this to engineer protection in the form of warranties in the agreement with the data owner. If the data collected is going to be used in a commercial service delivered to users by the business, then those customers will expect to receive assurances as well.” Because, as Walker put it, the Big Data business model essentially boils down to more traditional questions of intellectual property, confidentiality, contract and data protection law, there are a number of ways in which organizations can become Big Data compliant. Request a warranty from the data supplier and seek assurances Walker advised that, even where anonymized data is supplied, the organization intending to utilize (analyze or sell) that data for commercial gain should request a warranty from the supplier. That warranty should contain assurances stating that the data is fully compliant with Data Protection Act requirements. According to Walker, it’s also prudent to ensure that subjects (people involved in the original compilation of the data set in question) were clearly informed, at the point of data collection, that their data may be used and disclosed to others in anonymized form. “Warranties will also be required in relation to the ownership of and ‘freedom to use’ the data to avoid disputes arising as a consequence of an infringement of intellectual property rights or a breach of confidentiality,” noted Walker. Additionally, Walker said that a data set would be protected under English law by Database Rights. To quote from the Copyright and Rights in Databases Regulations 1997, the rights will belong to the person who takes the initiative in “obtaining, verifying and presenting the content of a database, while assuming the risks involved in doing this”. Walker added that this is an automatic right of ownership and should be respected. The ability of a user to re-use or resell the data provided needs to be clearly set out in the license agreement in this stage of the supply chain. Finally, Walker said that a license or service agreement, between the data supplier and the business seeking to leverage that data, should contain contractual terms that protect the business and ensure that the revenue stream is properly secured. Duisberg: Legal considerations when developing a Big Data strategy Dr Alexander Duisberg, a highly respected lawyer within the IT industry from international law firm Bird & Bird, echoed Walker’s words in his discussion of the issues of data usage, ownership and privacy – as they relate to the development of a Big Data strategy – in his informative video, An introduction to the legal implications of Big Data. Data ownership as a concept What makes the idea of data ownership so difficult, in relation to an organizations’ right to collate and leverage consumer data attained for the purpose of Big Data Analytics, is that no jurisdiction currently has fully developed legal guidelines relating to individual data. “We do have a European concept around intellectual property, which includes a framework to deal with Database Rights,” said Duisberg. “But when you go outside of the EU [European Union], that does not exist. Database Rights, as derived from EU regulations, has no relevance. Dealing with structured and unstructured data is a ‘greenfield’.” Big Data: Data protection and privacy While Duisberg acknowledged that the issue of data protection rights is “huge” – particularly when “you have a connection to data subjects – [that is], natural persons” – he also stated that there remained a large amount of legal uncertainty in this emergent field. “When we think about the massive amount of data, and the potential of combining different sources – and therefore the ability to profile individuals, it means that there are big [legal] challenges ahead,” said Duisberg. Duisberg outlined four pieces of legal advice for corporations interested in investing in technology and data sources to enable the process of Big Data Analytics. Tip 1: Understand what you own “The first top tip for any corporation that’s getting interested in better understanding what data it actually has and holds [is to] carry out some sort of due diligence process from a legal perspective to establish what data it owns,” said Duisberg. He explained that setting up such a process would also enable organizations to address potential privacy and data protection considerations, as well as intellectual property and third-party rights: “So the whole dimension of understanding what a company holds, what access to certain sources of data it has when it is sourcing data from third-parties, raises the whole issue about due diligence – know what the data is, even if it’s still a large pool of unstructured data.” Tip 2: Privacy considerations, now and in the future “The next tip is, when you go into a business that is consumer-oriented, when you’re looking into predictive analytics, when you’re trying to find out how to better target individual consumers, you have to think very carefully and clearly about the implications on the privacy side – and not only in a ‘snap shot’ impression, but actually dynamically over time,” said Duisberg. Duisberg was also quick to highlight that, due to the emergent legal implications of Big Data, the steps required to adequately address privacy concerns were likely to change in the future. “What may be considered anonymous data as of today, over time and in cross combination with other data sources, may actually allow us to profile individuals,” said Duisberg. “So even then, as an ongoing process, you’re looking at a moving target.” Tip 3: Buying and selling Big Data: Licensing considerations “The third consideration is thinking about transacting,” said Duisberg. “So you might be a corporation that is considering sharing or trading Big Data with other organizations – perhaps partners or customers. You need to think about actually developing documentation that defines and scopes that commercial transaction, which states that one party is ‘licensing’ an asset.” Tip 4: Access to public sector information Finally, Duisberg said that organizations developing a Big Data strategy should consider the changing regulations around access to public information, and resultant challenges and opportunities. “It’s quite clear that the new adaptation of the public sector information directive is driven by clear understanding that the information held by governments in Europe represents huge potential for innovators to make sense of it,” said Duisberg. “So the access to publicly available information, through the routes the directive has set forth which will come into effect from about two years from now, will give a lot of opportunity to small and midsized businesses which they have not had in the past.” What about me? A look at Big Data from the perspective of the individual So that’s all well and good if you’re an organizations looking to harness and exploit customer data for competitive advantage. But what about the individual – the consumer? As a consumer, what are your rights, and how do you feel about corporates utilizing your personal information for competitive gains? Furthermore, it’s not just the concept of corporations having access to your (principally digital) movements, transactions and even desires that’s daunting. Highly targeted marketing and messaging is a science-come-art that will continue to be developed over time. What’s scary, is the idea that through exploiting increasingly detailed and complex datasets, companies will not only be able to precisely target consumers on a one-to-one basis, advanced algorithms derived from this data analysis could theoretically ‘tell’ us what we want – covertly manipulating our decision-making process towards a desired end (or predicting that end altogether). Choice would become a mere illusion. As articulately summed up in an article titled With Big Data Comes Big Responsibility: “Whether it is billions of photos that carry a payload of emotions, relationships and location data, status updates announcing the arrival of a new one, those searches for discount Prada shoes, or a look-up about a medical condition — there is someone somewhere vacuuming our data droppings and turning them into fodder for their money machine. “Forbes tells us that even seemingly benign apps like Google-owned Waze, Moovit or Strava are selling our activity and behavior data to someone somewhere. Sure they aren’t selling any specific person’s information, but who is to say that they won’t do it in the future or will use the data collected differently.” For example, do you really know how or what Facebook knows about you, your habits and preferences? Do you know how they use that information to govern their interactions with you? And, do you know which aspects of this informational profile they on-sell to third-party organizations? Surely, as the legal framework surrounding Big Data evolves, an organizations’ ability to capture and analyze personal information – without seeking express permission to do so, in conjunction with outlining how such data might be used or sold – will be vigorously challenged. But, because this debate is yet to be properly held, with many individuals not stopping to consider the consequences of giving-up troves of personal data to corporate interests, technologists such as MailChimp Data Scientists, John Foreman, lament that “humans are bad at discerning the value of their data”. “Our past data betrays our future actions, and rather than put us in a police state, corporations have realized that if they say just the right thing, we’ll put the chains on ourselves,” wrote Foreman. “In the hands of machine learning models, we become nothing more than a ball of probabilistic mechanisms to be manipulated with carefully designed inputs that lead to anticipated output.” So, what are your expectations, as a citizen and consumer, when it comes to personal data privacy and transparency? Information privacy and transparency in the age of Big Data: Consumer rights? Software Advice – a media and advisory company that provides detailed reviews, comparisons and research for software buyers – went someway to answering this questions and gauging consumer sentiment towards data collection and usage methodologies in its random survey of 385 individuals across the US. Individuals aware of customer data collection, demand stronger regulations The study, How to collect your customers’ data – without scaring them off, found that while 78 percent of respondents understood that customer data collection was commonplace (54% “extremely common”, and 24% “somewhat common”), a clear majority (70%) were also in favor of stronger laws and regulations governing how companies collect and use customer data. “Our survey found that the majority of respondents were in favor of stronger laws and regulations governing the way companies use CRM or Business Intelligence platforms to collect data about their customers,” said Business Intelligence researcher at Software Advice, Abe Selig. The survey showed that 54 percent of respondents “strongly agreed” that there should be tougher laws and regulations governing both the collection and use of customer data. However, Selig was of the opinion that such reactions are perhaps overly cautionary and reactionary: “Just as the experts who were interviewed in the piece explained, I think a lot of this stems from previous bad experiences people have had or bad experiences they’ve heard about.” Notably, 24 percent of respondents were fairly apathetic towards the issue, stating that they “didn’t know” or “didn’t care” – a position that MailChimp’s John Foreman bemoans. Younger respondents less concerned by data collection While nearly 75 percent of respondents opposed any of their personal data being collected, stored or used by organizations, younger respondents were more open to the exercise – especially if it was likely to result in more personalized product / service offerings. In fact, 44 percent of participants aged between 18 and 24, and 40 percent of 25-to-34-year-old respondents, were open to data collection by companies. Interestingly, the Software Advice research uncovered an opposite generational trend among older respondents (55-to-64-year-olds), with 81 percent of the senior age bracket opposing the collection, storage and use of customer data. Acceptable ways for companies to use customer data As 75 percent of survey participants opposed the use of customer data by organizations, it’s little surprise that a similar percentage (71%) responded that none of the survey’s suggested practices or purposes were acceptable ways for companies to use their customer information. However, several somewhat predictable trends were again discovered when segmenting responses by age group. Almost 84 percent of respondents aged 65 and above said that there were no acceptable ways for companies to utilize their personal customer data. Conversely, 60 percent of survey participants aged between 25 and 34 gave the same response, with that dropping again to 56 percent for 18-to-24-year-olds. Transparency reduces concerns over customer data collection and usage Regardless of whether these figures suggest that younger consumers are ‘naïve’ or older ones unnecessarily ‘conservative’ when it comes to corporations using their personal customer information, the concerns of all age groups diminished based on the same single factor: Transparency. Almost half of all respondents said they would be less bothered by having their data collected if companies disclosed exactly what they were collecting, and why. Thirty percent said they would be “a lot less bothered” if companies told them exactly what data they were collecting, why, and what they were using it for. A further 16 percent said they would be “slightly less bothered”. “The numbers show there’s a clear split between businesses, which want to collect customer data and leverage it, and their customers, who are deeply concerned about their privacy,” said Selig. “But, transparency is also key here, and our survey backs that up too. We found that if companies are more upfront and open about how and why they use customer data, the fear factor is greatly diminished.” Having said that, 24 percent of respondents reported that they would remain “extremely bothered” by such data collection and usage practices – regardless of the aforementioned transparency measures. Who’s going to protect the rights of the consumer in the age of Big Data? Whatever the case, it’s clear that as more and more companies practice increasingly sophisticated levels of Big Data Analytics – in order to streamline business practices, effectively win new clients and efficiently develop new and existing revenue streams – the divergent rights to information protection and access will be debated loudly in the public forum and boardrooms alike. What’s interesting to consider is how the rights of organizations and consumers will be fairly balanced – to protect individual liberties while supporting a data-driven economy that encourages innovation and competition. And how and who will regulate this data economy? Government? Independently appointed industry bodies? Or will data savvy organizations preempt this bourgeoning debate and self-regulate in order to maintain transparency and trustworthiness? More broadly, should the advent of Big Data distress or entice us? Is more detailed customer profiling, enabled by Big Data Analytics, really something to fear? Or will it simply result in better-tailored products, services and therefore more satisfied consumers?