Data Protection & PrivacyInsights

Use of Non-Personal Data: Proposed Non-Personal Data Rules (Part II)

Data is the new oil. Perhaps more valuable than oil; its value does not depreciate upon usage. Last 20 years of the 21st century were highly disruptive due to the innovations like internet and Artificial intelligence. It changed the way businesses operate, make decisions, target their customers and reach out to them. The impact of digitization has been seen in other sectors too including government, education, and law enforcement. Data or information has driven this change. Although data in itself may not be always informative, but it can work wonders for any organization if utilized properly. The best examples are the tech giants like Amazon, Facebook, or Google.  In this article we will analyze as to how and why businesses collect data? And how do they make best use of non-personal data and personal data?

How do businesses collect the data?
Direct Tracking

Businesses use different techniques to collect data, which varies as per their requirements. They can collect it through customer consent, or from some other organization. The first source of collecting the data is businesses’ website or mobile app or social media pages. The businesses insert cookies which allow them to track the browsing history of the user. It gives insights related to the consumers’ interest and behavior on the site. This is how a user can see advertisements of a coffee mug that they were looking for only a few minutes ago on the internet.

Indirect Tracking

Businesses can also collect data by indirectly tracking the consumers. Another method is email tracking. Businesses learn the location and specification of device used to open that email, along with time stamps. Third party trackers are another technology through which businesses collect customer data. They embed trackers in applications for analyzing the user behavior. These sophisticated tools can track myriad of information this includes

  1. the user’s queries in search engine,
  2. user history,
  3. the frequency of a user’s returning visits to a site,
  4. user clicks, time spent on the website,
  5. the speed of scrolling through the website,
  6. where the user stops and focuses,
  7. the movement of the mouse,
  8. comments and reactions of the user on social media.

Data focused companies like Oracle and Acxiom buy, collect, analyze and sell customer data to businesses for targeted advertisement. They acquire data from e-commerce websites and many other resources including open data, government census and other public data. A new major source of collection of data is Internet of Things [IoT]: all those smart sensor devices in our houses and businesses which are connected with internet. (smart watches, smart lights, smart devices)

It is also important for us to understand the nature of the data collected and the information derived the data.

Categories of data
  1. Personal data: This category of data includes any information which can help identify a person. It includes name, IP, address, contact number, age, location etc.
  2. Engagement Data: This type of data tells about how consumers interact with various platforms. Including websites, apps, emails, social media, paid ads and customer service routes.
  3. Behavioral Data: This type of data tells about the purchase histories, product usage information, repeated actions, and mouse movement information.
  4. Attitudinal Data: This data consists of data related to consumer satisfaction, purchase criteria, product desirability and more. 
  5. Personalized data profile: It tracks IP address of the user’s device and other devices it interacts with . This data helps in generating personalized data profiles of the users.
Use of personal data

The data collected by organizations includes both personal and non-personal data. Personal data is used for targeted marketing. The stats by Cookiebot show that 99% of the cookies are used for the purpose of gaining insights into users, their behavior and preferences. It is further used for statistical purposes, for customization, for profiling and targeted marketing. This is how a user is advertised exactly, or close to, what he had been looking for. This data helps organizations optimize user friendliness and experience. At times this data is also used by companies to manipulate the electorate (Cambridge Analytica) and also it can be used by miscreants for committing cybercrimes (financial frauds). So, a user must be careful before giving their consent to privacy policy of any websites or mobile application.

Use of Non-personal data

Non-personal data includes any information which does not contain an element which can help in identification of a natural person. In other words, any data which does not qualify the personal data is non personal data. This data does not affect the privacy of natural persons. Yet, it is highly useful for companies to make decisions on their products strategies and product improvement. Non-personal data includes climate data collected by weather application, the sensors data (IoT) of an inventory or traffic data. The use case may depend upon the business that intends to use non-personal data. But generally, this data helps improve the service, achieve greater efficiency, and roll out much sought features in a user friendly way. The issue with non-personal data is though, that it is an unexploited resource. Data sharing or open access to non-personal data can help in enhancing the competition in the market, as small businesses would be able to skip the collection part, and run algorithms through the data to take decisions.

In the previous article, we had discussed an overview of proposed non-personal data rules. We have seen the way data businesses collect, process and use the data for making accumulating insights in the preset article. Kindly share your views about these articles. Views of our readers are of utmost value for us.

Do subscribe to our Telegram channel for more resources and discussions on tech-law. To receive weekly updates, and a massive monthly roundup, don’t forget to subscribe to our Newsletter.

You can also follow us on InstagramFacebookLinkedIn, and Twitter for frequent updates and news flashes about #technologylaw.

Adv. Bhagyashree Swami

Bhagyashree is a qualified advocate practicing in criminal/ cyber law and a certified CIPP/ E data protection professional. She has a great academic record with a LLM degree in Computer and Communication Laws from Queen Mary University of London. She also holds technical expertise in the area of digital forensics and investigation.

Share your thoughts!

This site uses Akismet to reduce spam. Learn how your comment data is processed.