How far can companies go to monetise personal data?

08 April 2013

Bristows, London, UK


ICO Roundtable: What is Big Data? How does it fit within the legislative framework?

Click here for the full programme. 

9.30 Host's welcome: Hazel Grant, Partner, Bristows, London

9.35 Chairman's introduction:
Stewart Dresner, Chief Executive, Privacy Laws & Business

9.45 Big Data Part 1

Is Big Data a new concept which requires a new approach to data protection law? Or the extension of existing data collection/use activities on a vast scale which raises the same data protection law concerns about lack of transparency and decisions being made of which the individual is unaware? This session will bring you up to speed about what Big Data actually means and its significance to businesses and consumers as data processing capacities increase exponentially.

We will explore with the help of companies which are actively using Big Data techniques to process loyalty card data, geolocation data, and television and video watching data:

  • What is Big Data?
  • How does it affect consumers for better and worse?
  • How does it fit within the legislative framework?
  • How far can your company safely go with manipulating personal data and sensitive data?
  • Where are the grey areas?
  • How far can your company go to monetise personal data?
  • What are the sanctions now if your company steps outside the boundaries?
  • Which regulatory changes are ahead?

Each of the following to speak for up to 20 minutes with 15 - 20 minutes for Roundtable discussion after each presentation:

Jeremy Henderson-Ross, Legal Director and General Counsel, EMEA, Aimia, London: How the Nectar card's operational guidelines fulfil both its commercial objectives and its Data Protection Act requirements

Simon Hania, Director of Privacy & Data Protection, TomTom, The Netherlands: How Tom Tom manages individuals' location data and satisfies any privacy concerns and the law

  • Case: TomTom HD Traffic- crowd sourced traffic information
  • Data protection specifics of location services
  • Enacting privacy by design
  • Managing regulator scrutiny

11.00 Break

11.20 Big Data Part 2

Nina Barakzai, Group Head of Data Protection & Privacy, BSkyB, UK: Privacy issues to think about when considering Big Data

Zsuzsanna Belenyessy, Legal Officer, Secretariat of the European Data Protection Supervisor (EDPS), Brussels: Challenges of Big Data and profiling to individuals' privacy: Opportunities in the EU proposed Data Protection Regulation to redress the balance

  • Transparency and choice: Disclosure of the 'logic of decision-making' and the role of explicit consent
  • Sharing the value in the data: Access to data and data portability
  • The role and limits of anonymisation techniques

Hazel Grant, Partner, Bristows on the potential legal impact of the EU Data Protection draft Regulation on aspects of Big Data

Jonathan Bamford, Head, Strategic Liaison, Information Commissioner's Office, Cheshire

13.00h. Lunch

14.00h: midata

The government's midata project is under the leadership of the Department for Business, Innovation & Skills (BIS) to give consumers improved access to information held about them. The midata project works with businesses to give consumers better access to the electronic personal data that companies hold about them and aims to give them greater control of their data.

Businesses can take part on a voluntary basis, but the government is now introducing legislation to force participation in the banking, mobile phone and energy sectors. Some of the UK's biggest companies are already working on the project including Google, British Gas, Lloyds TSB and O2.

The BIS website explains the project as follows: Giving people greater access to electronic records of their past buying and spending habits can help them to make better buying choices. For example, data that a phone company holds about your mobile use may help you choose a new tariff.

midata aims to:

  • get more private sector businesses to release personal data to consumers electronically
  • make sure consumers can access their own data securely
  • encourage businesses to develop applications (apps) that will help consumers make effective use of their data"

Each of the following to speak for up to 15 minutes with around 12 minutes for Roundtable discussion after each presentation.

1. Stella Yarrow, Assistant Director, Consumer and Markets Team, Department for Business, Innovation & Skills: 'Why the Government is backing midata, and what it means for consumers and businesses'

2. Denica Lundberg, Senior Manager, Retail Competition and Regulatory Strategy, Lloyds Banking Group: "Customer advocacy and factors for success"

  • Developing tools aligned to customer need
  • Consumer understanding and trust
  • Role of comparison and aggregator sites
  • MiData in relation to current and proposed legislation

3. Jeremy Henderson-Ross, Legal Director and General Counsel, EMEA, Aimia, London, who is a member of the midata strategy board

4. Hazel Grant, Partner, Bristows on data portability rights under the EU draft DP Regulation

5. Steve Wood, Head of Policy Delivery, Information Commissioner's Office, Cheshire which is one of the organisations working with the BIS on midata

15.30 Tea

15.45 midata (continued)

16.30 Personal Data Stores

Personal data stores (PDS) help individuals gather, store, manage, use and share their own data under their own control. The data may be structured or unstructured; text, images, sound or video. It may have many different uses: admin data and contacts; or records of transactions and interactions, bookmarks, clickstream data, bills and statements; or more personal information such as profiles, plans and projects, preferences.

PDSs may focus on particular area such as 'my health' or 'my education records'; they may specialise in particular functions such as 'managing my online presence' or 'the administrative details of my life', or they may offer a general personal data management service.

They may store the data in one particular location, or operate in a federated way acting as a hub connecting data from many different sources.


William Heath, Founder and Chair, Mydex, a company providing a Personal Data Store service and Marc Dautlich, Partner, Pinsent Masons, London: Personal data stores: What is the potential, and where do they fit in with the Data Protection Act?

16.50 Roundtable discussion on Personal Data Stores with comments by Jonathan Bamford and Hazel Grant

17.30 Close