Big data vs. big regulation: Will changing the rules empower consumers?

Businesses continue to develop new and exciting ways to use the information they collect about their customers, but means of collecting and using data are evolving at a faster pace than the rules and regulations, writes Fergus Jarvis, partner at OC&C Strategy Consultants

Related topics
Architecture
Big data
Data

Related articles

Big data is the future of industry, says GE
Big data will stop public-sector fraud: SAS
Big noise about big data
Big noise about big data
Big data won’t be mature for at least five years, Gartner predicts

Share article

Short of time?

Print this pageEmail article

'While the issue regulators are tackling is a real one, there still hasn’t been a concerted effort to empower consumers to take control of how they share their personal information'

 

2014 will be a year of change for big data. In the spring of this year, EU regulation on how businesses can use and share big data is set to be finalised and due to come into effect over the next two years.

The aim of the new European Data Protection Regulation is to harmonise data protection laws in place across EU member states, therefore having wide-reaching implications for both businesses and consumers.

It's possible that, in regulating these behaviours, big data initiatives will be deemed too risky or too expensive for most companies to implement. It therefore may actually end up preventing data from being used to ensure consumers get the best deals - on everything from mortgages through to insurance.

As a result, it is crucial that new laws tackling the regulation of big data strike the right balance between protecting the consumer and ensuring they benefit from the advantages of companies using big data responsibly.

While the issue regulators are tackling is a real one, there still hasn’t been a concerted effort to empower consumers to take control of how they share their personal information. Recent OC&C research has revealed that about a third of consumers give consent for their data to be used as part of a purchase or signing up process.

While older generations appear to be more wary of sharing their personal information, younger people are less concerned about this. It will also come as no surprise that only a quarter of those giving their consent to use their personal data actually read the consent form.

There is a concern from regulators that many consumers fail to appreciate the nature of the conditions they are signing up to and the implications around how their data will be used.

The impact of new regulation could be wide-reaching for every type of business, from search engines to social media platforms, online retail and credit reference agencies. Many of these are unprepared for the changes they will have to adhere to.

>See also: Oracle's big data forecast 2014

Businesses are currently capturing and sharing data in hundreds of different ways and will be required to do so far more transparently, implying a level of cost and resource investment. With mixed opinion on the return on investment surrounding big data initiatives already, some may not be able to justify these costs in the future.

For instance, IP addresses are set to be considered personal data within these new regulations, limiting the ability of e-commerce sites to use cookies to provide personalised experiences on their websites.  

This will mean that many of the more pioneering initiatives to leverage Big data could be hindered. The risk of falling foul of the new regulations and proposed fines of up to 2% of revenues is too great.

Equally, the increased costs, efforts associated with extracting, managing and auditing captured data to comply with the new regulations, and the potential lack of short term ROI, could mean these initiatives become unpalatable for CMOs.

Big data regulation is also being addressed at a national level. The UK Government is responding to the challenges and opportunities associated with regulating big data through its MiData initiative – designed initially with energy and finance companies in mind, but ultimately intended to govern a broader range of industries – which requires them to share the personal information they capture about an individual.

While the theory behind the initiative is sound, in practice, the effectiveness of MiData is highly questionable. OC&C research shows that there is little knowledge of MiData, so there is a question around whether - without awareness and demand from consumers for greater control over their data - it will achieve what it set out to. There is also a lack of precision around what is meant by ‘sharing’ data that has not been defined.

To empower consumers, there needs to be a standardised mechanism and set of information standards that makes the capturing and sharing of data valuable for both businesses and consumers. While this is simple in theory, in practice it’s extremely challenging.

>See also: Hadoop co-founder believes the future of big data is the Enterprise Data Hub

These types of mechanisms exist for other data types – for example, financial information about consumers is managed by credit bureaus. But, as regulators appear reluctant or unable to drive standardised methodologies themselves, it is highly probable that they will need to turn to these players to enable the process.

At present, however, there remains a schism in regulators’ minds around the extent to which these types of initiatives exploit consumers compared to how they can provide them with real benefits. These need to be resolved before real progress can be made.

To really drive consumer value, the regulatory environment needs to focus less on punishing companies that are trying to leverage intelligent approaches to market-targeted offers to consumers, and more on simple mechanisms that enable a consumer to control the sharing of their data to get the best offers i.e. what information, to which selected parties, and over what time period.

From a corporate perspective, the real take away from the changing regulatory landscape is that big data approaches to customer prospecting and management are auditable, fair and have real clarity around the nature of consent given for data usage. To de-risk these initiatives we expect third parties to be heavily involved in managing corporate risk from these efforts.