In a world where big data analytics is increasingly used across all sectors, artificial intelligence ("AI") and machine learning are introduced on a bigger scale, and the implementation of the European General Data Protection Regulation ("GDPR") is imminent, the ICO published on 3 March 2017 an updated paper addressing these topics (the "Paper").
The Paper defines big data, AI and machine learning and recognises the benefits that can flow from big data analytics. The Paper also analyses the main implications for data protection because although big data, AI and machine learning increasingly are viewed as 'business as usual', the key characteristics of big data analytics (and the use of personal data in a big data context) are challenging from a data protection perspective. It concerns issues as the volume of data, the way data is generated, the tendency to find new uses for data, the complexity of data processing and the possibility of unexpected individual consequences. The Paper highlights the potential difficulties that might arise in that context.
The ICO's main message is that while data protection can be challenging in a big data context, it is not necessary to compromise data privacy rights in order to benefit from big data analytics, and indeed meeting data protection requirements will benefit both organisations and individuals.
In its Paper, the ICO recommends that organisations should:
- consider whether the use of big data analytics requires the processing of personal data, and use appropriate techniques to anonymise personal data;
- be transparent about their processing of personal data by providing meaningful privacy notices;
- embed a privacy impact assessment framework into their big data processing activities;
- adopt a privacy by design approach in the development and application of their big data analytics;
- develop ethical principles to help reinforce key data protection principles; and
- implement innovative techniques to develop auditable machine learning algorithms.
The ICO does not consider the Paper to be the end of its work on big data analytics and data protection, and intends to continue its work via several current and planned activities. The ICO also underlines that in the world of big data, AI and machine learning, it will (continue to) use its powers in responding to data protection legislation breaches, including enforcement notices and monetary penalty notices.
With this in mind, and the fact that the challenges and opportunities of big data analytics are of particular relevance and important to the insurance sector, on 16 January 2017 the ICO and the Financial Conduct Authority ("FCA") jointly organised an industry forum (the "Forum"). The Forum was an opportunity for the ICO and the FCA to hear concerns and questions from the insurance sector, and explore themes such as 'how to benefit from big data analytics whilst respecting the rights of customers, maintaining people's trust and complying with the law'.
On 1 March 2017, a summary of the Forum was published detailing the discussion topics, the issues raised and the views expressed.
Data driven businesses should ensure they adopt the six recommendations the ICO mentions in its Paper. Organisations should also continue to monitor ICO's view and guidance on big data, AI and machine learning. Organisations are also advised to read the Forum summary as it sets out sector specific concerns and information in relation to big data.
The full summary of the Forum can be found here.
The ICO's Paper can be accessed here.