As data becomes an asset with real market power, turbocharging compliance and seeking consent is vital for any business creating and exploiting data as part of their day-to-day practices.
Technology and healthcare partner Toby Patten was speaking at law firm Baker Mckenzie’s Asia-Pacific Technology Conference when he warned attendees about data monetisation and dealing in highly sensitive information.
Mr Patten warned that “where you are collecting personally identifiable data, if you are collecting it from third parties, and if you are using it for an unanticipated purpose or retaining it for longer than usual, all these kinds of factors could build into potential conflicts with Australia’s privacy laws.”
For organisations looking at data monetisation, he flagged best practice as suggested by the Office of the Australian Information Commissioner (OAIC), which is that companies and organisations “should be using de-identified data when possible, because then you are not within the confines of the Privacy Act”.
Mr Patten said “the flipside is, with all the technology and all the data that’s out there, de-identification is proving more and more difficult to achieve”, and “an almost impossible threshold to attain,” so organisations should be aware of their uses for, and collection of, highly sensitive information.
A strong and common theme of data collection and use is consent, which Mr Patten said must be “informed, current and specific” across the EU and Australia. He said the GDPR requires an additional duty “for unambiguous consent obtained through clear and affirmative action.”
While the GDPR requirement “is possibly more prescriptive than what we have in Australia”, Mr Patten suggested this is all fine, but does bring up an issue of “information asymmetry”, which is a concerning trend between digital platforms and consumers.
Answering the question of “what can companies do to ensure adequate consents are obtained from consumers?”, Mr Patten said the GDPR and the EU data commission is focusing on pushing people and organisations to implement more interactive policy styles, which are likely to become more common. These can include videos to explain the policy, pull down menus covering specific topics, and more digestible styles or length of policy.
He sees consent as an opportunity for organisations to go out there and proactively explain what they are doing with a consumer’s data.
Mr Patten reflected on a quote from UK information commissioner Elizabeth Denham who said, “a lot of energy and effort is being spent on trying to find a way to avoid consent and these lengthy policies could be seen as an attempt to avoid consent because they’re impenetrable. That energy and effort would be much better spent establishing informed, active, unambiguous consent.”
Ultimately, he said, we are moving more towards informed consent, “and with that informed consent comes greater use of data, and greater opportunities for use of that data”.
Mr Patten’s comments follow similar assertions by a senior Google executive, who said customer consent for data collation is crucial to navigating the privacy and security minefield.
- Opinion: House prices not all doom and gloom
By Adam Zuchetti
- Analysis: How can SMEs realistically stay competitive?
By Adam Zuchetti
- Opinion: Victim blaming shows extent of harassment culture
By Adam Zuchetti