In the wake of the Panama Papers scandal, it seems that everywhere you look there is some kind of story about data privacy. Whether it's big-time leaks or personal data scares, the security of our personal data is constantly in question.

Last year a report conducted by the Digital Catapult found that the majority of British consumers did not trust organisations with their data and did not appreciate the benefits of sharing personal data.

Another survey, by Intel Security, discovered that just 13 per cent of the public trusts cloud providers to secure sensitive data. As a nation we are skeptical of how businesses use our data and the methods they use to store it.

Yet, every one of us is demanding more personalised services, which can only be provided if we relinquish our hold over private data. You call a customer service helpline, you expect the agent to know you and the details of your account. If you get offers from retailers, you expect them to be relevant. This demand presents us with a 'Data Privacy Paradox', as although we expect these services we are incredibly reluctant to knowingly offer up our data.

This is particularly true within the health sector. If you undergo hospital treatment, you expect everyone involved to have the right information about you. Imagine being taken unconscious to A&E, and being given a drug injection which you are allergic to. It might have been given with the best possible intent, but imagine if the paramedics don't know your allergies because "personal privacy" concerns are stopping the appropriate databases being joined up in the ambulance.

This is not the case in all industries. Some insurance companies are already offering discounts or special offers if you allow them access to your driving habits. Take your fitness data gathered from your wristband, for example. It doesn't sound too bad. But would you offer up access to your DNA code if it could help forecast likely illnesses in future? As they say in the financial ads, your premiums might go down or up...

On the other hand, if medical and health planners had a view of a population's aggregated DNA profile, they could use this to predict future services needs, doctor specialty training and the like.

This was attempted by the NHS's initiative, a centralised programme that anonymously analysed patient data and made this available to insurance companies and drug producers to help predict trends to aid the research of new drugs and adjust general policies towards certain diseases. However, many people were incorrectly led to believe that their personal medical data was shared for the benefit of corporate pharmaceutical companies and insurance providers.

The issues came largely from a lack of constructive education about the benefits of aggregation. Instead of it being seen as a way of better understanding disease trends and thus planning the best possible NHS services, it was hyped in the press as drug companies making money off GP data and personal privacy being invaded. Education goes a long way.

In fact, aggregated data is often more useful than individual data. Analysis allows aggregators to predict macro trends, which is the only way to run any enterprise or business at the strategic level.

So where does that leave us with the Data Privacy Paradox?

Personal privacy is not usually breached at the point of collection, or when it is anonymised and aggregated. Privacy is breached when the data is actually used on an individual basis in ways that the individual does not want it to be used. We have long accepted data being collected about us, from the traditional population census to retailer loyalty cards. And don't forget that the UK has the highest use of surveillance cameras in the world. We just ignore being photographed, in the belief that it will help the police catch the bad guys.

One thing is clear: data collection is everywhere and is gathering pace.

EU Data Protection Reform (DPR) will go a long way to protecting individual rights, stating that we must all have easier access to our own data (to understand what data is held about us and by who). We should have clearer information on how our data is processed and used; and there must be a right to data portability, making it easier to transfer our personal data between providers.

So, when setting our regulatory framework, what should be considered?

First, the use of data should be transparently declared – no unreadable service agreements. The UK Kite Mark could be a very interesting approach to make the issues clear.

Second, the data should be used in ways that are clearly beneficial to the individual that the data is collected from, and this should be declared.

Third, aggregated use of personal data should also be declared, with its benefits clearly stated.

Think of these three points as two-way education – for both the business and the individuals whose data is being collected.

Ultimately, there are no easy answers here, but there are definitely steps to be taken to handle the Data Privacy Paradox in ways that are beneficial to everyone concerned. Fundamentally, that starts with the benefits to the individuals from whom the data is collected in a fair and open exchange.


By Mick Yates, Director of Partner Strategy at Starcount, the predictive insight company

GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at

comments powered by Disqus