About Nesta

Nesta is an innovation foundation. For us, innovation means turning bold ideas into reality and changing lives for the better. We use our expertise, skills and funding in areas where there are big challenges facing society.

Striking a balance: Data protection vs. Data Driven Innovation

Data use

If we don’t get the balance right between data protection and data driven innovation, the UK economy will suffer and personal data will be misused.

The UK economy is increasingly powered by the analysis of large amounts of data. This allows companies to hone, target, and refine their product offerings to individual consumers. The volumes of data and content held digitally are expanding, but so are the ways that businesses can access, filter and understand this information, helping them to improve their efficiency and grow.                                                   

At the same time, these developments are giving companies unprecedented insights into consumer behaviour and preferences at the level of the individual – information that people have previously taken for granted as ‘private’. This tension is addressed in the BIS document:  A strategy for UK data capability, where it is suggested that these aims should be achieved concurrently, not at the expense of each other.

There are a wide range of perspectives about the implications of data’s growing role in everyday life. At one end of the spectrum, there is distrust of the use of data beyond limited, specifically identified purposes. At the other end, the recognition that data is a valuable asset suggests that it’s more widespread and open-ended use could empower innovation and economic opportunity. McKinsey estimates that big data will contribute up to $325 billion to US GDP by 2020, while the OECD has included big data in its group of knowledge-based capital assets that will act as new sources of growth to advanced economies. In the UK, Cebr suggests that data equity was worth £25.1 billion in 2011.

Data use for targeting advertising is a hot topic in Data Driven Innovation (DDI) debates. But beyond this, the use of customer data for operational efficiency has not tended to attract much attention. Companies that would like to process data need to do two things. First, they should notify the Information Commissioner’s Office that they are doing so (though there are many exceptions). Secondly, they need to adhere to eight principles embodied in the Data Protection Act (1998).

The storage of other kinds of data represents a greater potential privacy risk to individuals than advertising data. Data used to improve commercial operations often has the purpose of linking online data to a real person and their actions. In contrast, most data stored for online advertising is attached to an anonymous profile through an IP address. It is far more difficult for an external party to tie such data back to a specific individual user than the kind of data used for product personalisation.  

Many online retailers use personal data to manipulate prices for goods and services. This reflects how much they think the consumer is willing to pay and may suggest social welfare benefits, though could be seen as anti-competitive. Data on location, purchase history, and salary estimates can be collected from browsing history on the internet. For instance, ABC News producers in New York attempted to purchase one pack of pens from Staples.com at the same time. The price on one computer was $15.19 and on the other $13.79. Nationally, the differences are as noticeable; the pens were $14.49 when in Charlotte, North Carolina and $13.79 in Los Angeles.

On the other side of the coin, controversy has emerged around data privacy issues like The Right to be Forgotten in the EU.  Some digital innovators have raised concerns about the regulatory burden; in the case of Google 12,000 requests to remove information from search results were received within 24 hours, averaging one every seven seconds.

Data policy

Policy recommendations should take a balanced view of data driven innovation to stimulate best practice, increase consumer awareness and protect privacy. Government can play a role in five areas:

  1. Skills for data use

Government can help increase the skills base necessary to leverage big data. Education, immigration, organisational leadership and business training skills can be developed to increase both the pipeline of graduates and latent labour pool with the right skills.

  1. Ethical data management

The Information Commissioner’s Office (ICO) can play a greater role in business use of data. The promotion of company accountability to data standards, and reinforcement in the public domain of data issues will reaffirm trust in the use of personal and preference led data for commerce. The work of the ICO could be reinforced by an industrial charter on data management – this could be industry led and independently regulated, as in the case of The Media Standards Trust.

  1. Data sharing

Governments can play an important role in creating the conditions for the functioning of effective markets, including setting rules related to intellectual property and the arbitration of disputes. Innovation may function, and even be boosted, when firms deliberately waive some of their Intellectual Property Rights (IPRs). Nonetheless, this strategy relies on strong IPR regulation to provide default protection. Recent technological developments, above all the Internet and data sharing software, have created uncertainty about whether extant copyright regulation and according business models will be sustainable in the future. IPRs should reflect these data driven innovation concerns such as the usage of firms’ technical inventions and product piracy. But they should also not be so restrictive as to prevent UK innovators who use data from competing with their counterparts in less restrictive IP regimes.  

  1. Secure data storage

There are currently barriers to data sharing linked to protection. Current data storage and transfer will not provide adequate protection against viruses and malware, software vulnerabilities or data getting into the wrong hands. Solutions to these problems could be mediated by secure data repositories where products are available to ensure data security.

  1. Privacy policy

The UK should embrace the EU wide, one-stop-shop data protection approach that is essential for achieving a European Digital Single Market. This would harmonise data protection policy across the EU, with stakeholders applying to national government representatives in the case of an EU data protection issue. The European Commission suggest that asymmetrical data protection legislation is having a negative effect on business through legal fees and knowledge access. Currently, the system could be prohibitive for UK data trade with Europe.

The US and EU have shared core values for data protection including Fair Information Privacy Practices (FIPPS), co-regulation and accountability. However, there is a tension between EU and US legislative approaches; with US data protection more open and market led. Fundamentally, new European legislation should ensure that the one-stop-shop approach does not restrict data transfer across the EU, which would impact on competitiveness of EU companies.

Policy should not be too restrictive; over legislating data will stifle innovation. There are many ways that data innovation can be promoted in the UK. However, government has to act to protect the consumer.


George Windsor

George Windsor

George Windsor

Senior Policy Researcher

George was a Senior Policy Researcher in the Creative and Digital Economy team.

View profile