Data PrivacyNavigating the Landscape of Data Sharing from the Point of user and Business perspective

January 31, 20240

INTRODUCTION

For businesses to thrive in the modern day, it is essential to have an online presence and one of the most valuable new-age resources for companies has become data. Having a website or a strong online presence can be extremely beneficial for marketability and maintaining client relationships through updates and support.

More importantly, the use of such data to further grow the business is another requirement of modern-day business expansion. Such data can be used to grow business by outsourcing certain parts of their services, partnerships, and collaborations, analytics, and insights about the customers

However, access to, and management of this data entails a new risk under the jurisdictional data protection laws as often under such legislative framework, companies must fulfill several additional obligations towards data subjects/principles, clients, and regulatory authorities.

Customers must be made aware of what data has been collected about them, how it will be used, shared, and stored. Data partners must be chosen wisely as it is not about a single entity but each individual connected to the organization.

WHAT IS DATA SHARING?

Data Sharing is the process of making the availability of the same data resources to multiple individuals and organizations. It may include customer behaviour data, intellectual property, legal frameworks, technologies, secrets , and other cultural elements. These fundamentals facilitate secure data access to the entities.

Engaging in data exchange partnerships entails inherent risks. While data sharing is a potent tool for enhancing insights, decision-making, and innovation, careful consideration of risks and benefits is crucial, particularly with sensitive information. Sharing data with research firms aids in understanding customer needs, identifying trends, and optimizing market campaigns.

Additionally, sharing internal financial information with auditors, investors, or lenders contributes to securing funds, regulatory compliance, improved financial transparency, and performance measurement.

IMPORTANCE OF USER DATA AND MARKET DATA FOR BUSINESSES

Data sharing model was used long before the Internet came into existence. The introduction of the Internet popularized the process of data sharing at a global scale with the growth of digital literacy, technology and cloud computing. There are many factors which led to sharing of data at this scale like affordability of storage and technology, the industry mindset that it treats data as an asset and the rules and regulations which aimed at reducing risk in data sharing.

User data contains both explicit data (directly given by the user) and implicit data (through website Cookies, page visit and device profile etc). Such data is collected from and in multiple ways such as when they provide their business requirements, when the customer shares the delivery-related charges, or in their interactions with a new product.

Modern websites have adopted a common technique to collect user data through cookies and other modes. This helps creators or businesses to make decisions and create better experiences. This collected user data is used to derive product direction and make specialized content.

MONETIZATION OF DATA FOR BUSINESSES

The term ‘data monetization’ refers to the process of generating economic value from the data they collect and store. This can be done through various methods, with some focusing on internal growth and others on creating direct revenue streams.

1. Internal Data Utilization

This means the analysis of customer purchase data and behaviour to identify popular products with the aim of reducing costs and boosting efficiency. The website’s visits and email interaction is used to create targeted advertisement campaigns and the predictive maintenance is used to monitor sensor data from equipment to predict potential failures and schedule preventive maintenance, minimizing downtime and repair costs. Many modern e-commerce website use their internal data extensively to recommend products to its user on the basis of the browsing history and past purchases leading to sales growth and satisfaction to the customer.

2. Data-Driven Products and Services

Data-driven products and services use curated datasets from market research for business needs. Furthermore, subscription models provide decision-making tools and analytics dashboards as a service. They also support risk management through predictive models and algorithms. For example, marketing companies often sell TV viewership data to media companies for demographic targeting.

WHO ARE DATA PARTNERS?

Businesses often partner with other companies to share data sets for mutual benefit. This could involve exchanging customer demographics, market research data, or industry insights. Both parties can leverage the combined data to gain deeper insights and inform their decision-making. Partnering can also involve conducting joint data analysis projects. This allows companies to combine their expertise and resources to tackle complex data challenges in areas like customer segmentation, product development, or fraud detection.

SELECTION OF DATA PARTNERS

Due to the sensitive nature of the shared data and the possible vulnerabilities. The selection of the data partners should be based on the following criteria: –

  • A potential Data Partner should be evaluated and assessed on the basis of their data security infrastructure, data storage and protection mechanism, privacy policies and practices including cross border data sharing aligned with the laws.
  • Conducting regular security audits and vulnerability assessments is an important part of the selection.
  • Due diligence must be carried out including the data protection impact assessment to understand risks involved.
  • Keeping a track on the data breaches and compliances issues, if any, with the data partner.
  • The terms and conditions in the contract must be clear and explicit in a manner including the audit rights.
  • The factor of liability clauses towards any probable breaches or non-compliance should be exhaustively dealt with in such contracts.

RECOMMENDED PRACTICES INTERNALLY AND EXTERNALLY FOR DATA SHARING

As a data subject, one must understand which data is essential for the online activities and what is not required. At the same time, organizations’ data privacy policies should not be limited to avoid data collection but also about finding optimal balance between the data needs and wants. Organisations must be ethically aware that they are using the data for the correct purpose as they had promised their user.

Anonymization of data by of masking up or removal of personal information from data records is another essential practice that businesses can employ before sharing the information with their data partners. However, anonymizing techniques need to be fairly robust, even when identifiers are removed from data, it may be possible for attackers to de-anonymize the data by cross referencing with other data sources, thus revealing sensitive information.

Another policy method which can be employed is called implementation of differential privacy. This suggests that a property of datasets and algorithms that allows you to publicly share information about the patterns displayed by groups while keeping information about individuals in the data set is private. This ensures privacy during data collection. It is not even revealed to an organization’s internal users, which creates robust levels of privacy.

Engaging with data ecosystems and making optimal use of the data requires capabilities that sometimes do not exist in organizations. To deal with this shortfall, organizations need either to build them in-house or source them from partners from within or outside the ecosystem.

AMLEGALS REMARKS

In this day and age, data is much more than a resource, it has become an asset to businesses and one of the primary ways to maximize the earning potential of this asset is through data sharing. Many users do not have a problem with certain types of collected data as the users remain under the assumption that of its use to the other parties. For example, a user might assume that the collection of his last seen data on a site doesn’t look to have negative consequences but it could expose the sensitive information about the user’s online activities or behavioural patterns to the other parties.

Organizations need to be proactive to limit ensure security against potential breach or change in compliances. Thus, the best way limit exposure is to set up proper internal data governance systems for collating and managing different kinds of data using different procedures.

– Team AMLEGALS assisted by Mr. Pritam Kumar


For any queries or feedback feel free to reach out to mridusha.guha@amlegals.com or jason.james@amlegals.com

© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.

 

Disclaimer & Confirmation As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.
However, the user is advised to confirm the veracity of the same from independent and expert sources.