
Want to monetise your data? Ask for it

As data becomes an asset with real market power, turbo-charging compliance and seeking consent are vital for any business creating and exploiting data as part of its day-to-day practices.

Grace Ormsby, 09 August 2018, Corporate Counsel

Technology and healthcare partner Toby Patten was speaking at Baker McKenzie’s Asia-Pacific Technology Conference when he warned attendees about data monetisation and dealing in highly sensitive information.

Mr Patten warned “where you are collecting personally identifiable data, if you are collecting it from third parties, and if you are using it for an unanticipated purpose or retaining it for longer than usual, all these kinds of factors could build into potential conflicts with Australia’s privacy laws.”

 
 

For organisations looking at data monetisation, he flagged best practice as suggested by the Office of the Australian Information Commissioner (OAIC), which is that companies and organisations “should be using de-identified data when possible, because then you are not within the confines of the Privacy Act.”

Mr Patten said “the flipside is, with all the technology and all the data that’s out there, de-identification is proving more and more difficult to achieve”, and “an almost impossible threshold to attain,” so organisations should be aware of their uses for, and collection of, highly sensitive information.

A strong and common theme of data collection and use is consent, which Mr Patten said must be “informed, current and specific” across the EU and Australia. He said the GDPR requires an additional duty “for unambiguous consent obtained through clear and affirmative action.”

While the GDPR requirement “is possibly more prescriptive than what we have in Australia”, Mr Patten says this is all fine, but it does bring up the issue of “information asymmetry”, a concerning trend between digital platforms and consumers. Coined by the ACCC, the term describes data platforms that monetise customers’ personal data without adequately informing consumers of their practices, relying on pre-ticked boxes and lengthy terms of use.

Answering the question of ‘what can companies do to ensure adequate consents are obtained from consumers?’, Mr Patten said the GDPR and the EU data commission are focusing on pushing people and organisations to implement more interactive policy styles, which are likely to become more common. These can include videos to explain the policy, pull-down menus covering specific topics, and more digestible styles or lengths of policy.

He sees consent as an opportunity for organisations to proactively explain what they are doing with a consumer’s data. He reflected on a quote from UK Information Commissioner Elizabeth Denham, who said “a lot of energy and effort is being spent on trying to find a way to avoid consent and these lengthy policies could be seen as an attempt to avoid consent because they’re impenetrable, that energy and effort would be much better spent establishing informed, active, unambiguous consent.”

Mr Patten says that, ultimately, we’re moving more towards informed consent, “and with that informed consent comes greater use of data, and greater opportunities for use of that data.”