Receive the latest mybusiness news
Copyright © 2020 MOMENTUMMEDIA

Want to monetise data? Ask first, lawyer warns

Grace Ormsby
Grace Ormsby
09 August 2018 2 minute readShare

As data becomes an asset with real market power, turbocharging compliance and seeking consent is vital for any business creating and exploiting data as part of their day-to-day practices.

Technology and healthcare partner Toby Patten was speaking at law firm Baker Mckenzie’s Asia-Pacific Technology Conference when he warned attendees about data monetisation and dealing in highly sensitive information.

Mr Patten warned that “where you are collecting personally identifiable data, if you are collecting it from third parties, and if you are using it for an unanticipated purpose or retaining it for longer than usual, all these kinds of factors could build into potential conflicts with Australia’s privacy laws.”


For organisations looking at data monetisation, he flagged best practice as suggested by the Office of the Australian Information Commissioner (OAIC), which is that companies and organisations “should be using de-identified data when possible, because then you are not within the confines of the Privacy Act”.

Mr Patten said “the flipside is, with all the technology and all the data that’s out there, de-identification is proving more and more difficult to achieve”, and “an almost impossible threshold to attain,” so organisations should be aware of their uses for, and collection of, highly sensitive information.


A strong and common theme of data collection and use is consent, which Mr Patten said must be “informed, current and specific” across the EU and Australia. He said the GDPR requires an additional duty “for unambiguous consent obtained through clear and affirmative action.”

While the GDPR requirement “is possibly more prescriptive than what we have in Australia”, Mr Patten suggested this is all fine, but does bring up an issue of “information asymmetry”, which is a concerning trend between digital platforms and consumers.

Coined by the Australian Competition and Consumer Commission, information asymmetry suggests data platforms which are monetising customers’ personal data are not adequately informing consumers of their practices through use of pre-ticked boxes and lengthy terms of use.

Answering the question of “what can companies do to ensure adequate consents are obtained from consumers?”, Mr Patten said the GDPR and the EU data commission is focusing on pushing people and organisations to implement more interactive policy styles, which are likely to become more common. These can include videos to explain the policy, pull down menus covering specific topics, and more digestible styles or length of policy.



He sees consent as an opportunity for organisations to go out there and proactively explain what they are doing with a consumer’s data.

Mr Patten reflected on a quote from UK information commissioner Elizabeth Denham who said, “a lot of energy and effort is being spent on trying to find a way to avoid consent and these lengthy policies could be seen as an attempt to avoid consent because they’re impenetrable. That energy and effort would be much better spent establishing informed, active, unambiguous consent.”

Ultimately, he said, we are moving more towards informed consent, “and with that informed consent comes greater use of data, and greater opportunities for use of that data”.

Mr Patten’s comments follow similar assertions by a senior Google executive, who said customer consent for data collation is crucial to navigating the privacy and security minefield.

Want to monetise data? Ask first, lawyer warns
mybusiness logo
Grace Ormsby
Grace Ormsby

Adam Zuchetti is the editor of My Business, and has steered the publication’s editorial direction since early 2016. 

The two-time Publish Awards finalist has an extensive journalistic career across business, property and finance, including a four-year stint in the UK. Email Adam at [email protected]

Leave a Comment

Latest poll

Should the government make further amendments to JobKeeper?