As data becomes an asset with real market power, turbo-charging compliance and seeking consent are vital for any business creating and exploiting data as part of its day-to-day practices.
Technology and healthcare partner Toby Patten was speaking at Baker McKenzie’s Asia-Pacific Technology Conference when he warned attendees about data monetisation and dealing in highly sensitive information.
Mr Patten warned “where you are collecting personally identifiable data, if you are collecting it from third parties, and if you are using it for an unanticipated purpose or retaining it for longer than usual, all these kinds of factors could build into potential conflicts with Australia’s privacy laws.”
For organisations looking at data monetisation, he flagged best practice as suggested by the Office of the Australian Information Commissioner (OAIC), which is that companies and organisations “should be using de-identified data when possible, because then you are not within the confines of the Privacy Act.”
Mr Patten said “the flipside is, with all the technology and all the data that’s out there, de-identification is proving more and more difficult to achieve”, and “an almost impossible threshold to attain,” so organisations should be aware of their uses for, and collection of, highly sensitive information.
A strong and common theme of data collection and use is consent, which Mr Patten said must be “informed, current and specific” across the EU and Australia. He said the GDPR requires an additional duty “for unambiguous consent obtained through clear and affirmative action.”
Answering the question of ‘what can companies do to ensure adequate consents are obtained from consumers?’, Mr Patten said the GDPR and the EU data commission are focusing on pushing people and organisations to implement more interactive policy styles, which are likely to become more common. These can include videos to explain the policy, pull-down menus covering specific topics, and more digestible styles or length of policy.
He sees consent as an opportunity for organisations to go out there and proactively explain what they are doing with a consumer’s data. He reflected on a quote from UK information commissioner Elizabeth Denham, who said “a lot of energy and effort is being spent on trying to find a way to avoid consent and these lengthy policies could be seen as an attempt to avoid consent because they’re impenetrable, that energy and effort would be much better spent establishing informed, active, unambiguous consent.”
Mr Patten says that, ultimately, we’re moving more towards informed consent, “and with that informed consent comes greater use of data, and greater opportunities for use of that data.”