The Information Commissioner’s Office (ICO) has set out how big data can – and must – operate within data protection law.

But the report outlines that operating within the law should not be seen as a barrier to innovation.

Big data is a way of analysing data that typically uses massive datasets, brings together data from different sources and can analyse the data in real time. It often uses personal data, be that looking at broad trends in aggregated sets of data or creating detailed profiles in relation to individuals, for example lending or insurance decisions. 

The ICO’s report sets out how the law applies when big data uses personal information. It details which aspects of the law organisations need to particularly consider, and highlights that organisations can stay the right side of the law and still innovate.

Announcing the publication of the report Steve Wood, the ICO’s Head of Policy Delivery, said:

“There is a buzz around big data and emerging evidence of its economic and social benefits. But we’ve seen a lot of organisations who are raising questions about how they can innovate to find these benefits and still comply with the law. Individuals too are showing they’re concerned about how their data is being used and shared in big data type scenarios.

“What we’re saying in this report is that many of the challenges of compliance can be overcome by being open about what you’re doing. Organisations need to think of innovative ways to tell customers what they want to do and what they’re hoping to achieve.

“Not only does that go a long way toward complying with the law, but there are benefits from being seen as responsible custodians of data.”

The report also addresses concerns raised by some commentators that current data protection law doesn’t fit with big data.

“Big data can work within the established data protection principles. The basic data protection principles already established in UK and EU law are flexible enough to cover big data. Applying those principles involves asking all the questions that anyone undertaking big data ought to be asking. Big data is not a game that is played by different rules.

 “The principles are still fit for purpose but organisations need to innovate when applying them”

Download Big data and data protection (pdf) 

ENDS

If you need more information, please contact the ICO press office on 
0303 123 9070 or visit the website at: ico.org.uk.

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
 
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
 
3. The ICO is on TwitterFacebook and LinkedIn. Read more in the ICO blogand e-newsletter.Our Press Office page provides more information for journalists.
 
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

Fairly and lawfully processed
Processed for limited purposes 
Adequate, relevant and not excessive 
Accurate and up to date 
Not kept for longer than is necessary 
Processed in line with your rights 
Secure 
Not transferred to other countries without adequate protection