Information Commissioner's Office
Big data ‘not a game played by different rules’, says regulator
The Information Commissioner’s Office (ICO) has set out how big data can – and must – operate within data protection law.
But the report outlines that operating within the law should not be seen as a barrier to innovation.
Big data is a way of analysing data that typically uses massive datasets, brings together data from different sources and can analyse the data in real time. It often uses personal data, be that looking at broad trends in aggregated sets of data or creating detailed profiles in relation to individuals, for example lending or insurance decisions.
The ICO’s report sets out how the law applies when big data uses personal information. It details which aspects of the law organisations need to particularly consider, and highlights that organisations can stay the right side of the law and still innovate.
Announcing the publication of the report Steve Wood, the ICO’s Head of Policy Delivery, said:
“There is a buzz around big data and emerging evidence of its economic and social benefits. But we’ve seen a lot of organisations who are raising questions about how they can innovate to find these benefits and still comply with the law. Individuals too are showing they’re concerned about how their data is being used and shared in big data type scenarios.
“What we’re saying in this report is that many of the challenges of compliance can be overcome by being open about what you’re doing. Organisations need to think of innovative ways to tell customers what they want to do and what they’re hoping to achieve.
“Not only does that go a long way toward complying with the law, but there are benefits from being seen as responsible custodians of data.”
The report also addresses concerns raised by some commentators that current data protection law doesn’t fit with big data.
“Big data can work within the established data protection principles. The basic data protection principles already established in UK and EU law are flexible enough to cover big data. Applying those principles involves asking all the questions that anyone undertaking big data ought to be asking. Big data is not a game that is played by different rules.
“The principles are still fit for purpose but organisations need to innovate when applying them”
If you need more information, please contact the ICO press office on
0303 123 9070 or visit the website at: ico.org.uk.
Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
3. The ICO is on Twitter, Facebook and LinkedIn. Read more in the ICO blogand e-newsletter.Our Press Office page provides more information for journalists.
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Not transferred to other countries without adequate protection
Latest News from
Information Commissioner's Office
New UK Information Commissioner begins term04/01/2022 13:20:00
John Edwards begins his new role as UK Information Commissioner today (Tuesday 4 January).
ICO and NHS Test and Trace agree data protection improvements following consensual audit22/12/2021 12:25:00
The ICO has issued NHS Test and Trace with recommendations to strengthen the protection of people’s personal data, so it can continue to play a vital role in tackling the pandemic.
ICO invites comments on how it uses its powers to investigate, regulate and enforce21/12/2021 12:25:00
The Information Commissioner’s Office (ICO) has launched a consultation to gather the views of stakeholders and the public on how it regulates the laws it monitors and enforces.
Cabinet Office fined £500,000 for New Year Honours data breach02/12/2021 14:38:00
The Information Commissioner’s Office (ICO) has fined the Cabinet Office £500,000 for disclosing postal addresses of the 2020 New Year Honours recipients online.
ICO issues its largest fine to tackle illegal pension cold calls02/12/2021 12:25:00
The Information Commissioner’s Office (ICO) has fined EB Associates Group Limited £140,000 for instigating over 107,000 illegal cold calls to people about pensions.
ICO issues provisional view to fine Clearview AI Inc over £17 million30/11/2021 13:05:00
The Information Commissioner’s Office (ICO) has announced its provisional intent to impose a potential fine of just over £17 million on Clearview AI Inc – a company that describes itself as the ‘World’s Largest Facial Network’.
The certainty of change: regulation in a time of political and social challenges.29/11/2021 12:25:00
Elizabeth Denham reflects on her time at the ICO, in a speech delivered to BCS, The Chartered Institute for IT (26 November 2021).
ICO calls on Google and other companies to eliminate existing privacy risks posed by adtech industry26/11/2021 12:25:00
The Information Commissioner’s Office (ICO) yesterday set out clear data protection standards that companies must meet to safeguard people’s privacy online when developing new advertising technologies (adtech).