It is clear that Big Data has huge commercial utility, with many predicting it will form a key asset in future business models. As it transforms the wider world, what are the legal ramifications of using this revolutionary technology in the UAE?
Big Data is the analysis of the vast amount of information being collected from all of us to find meaningful correlations, predict market behaviour and advertise goods in a highly targeted manner. For example, Tesco, the UK supermarket chain that is regarded in the industry as the first to deploy Big Data, uses its loyalty Clubcard data to send targeted adverts to customers for certain brands. Big Data can also be used in other ways. For example, Sainsbury’s, another UK supermarket, discovered that a cereal brand called Grape-Nuts was worth stocking – despite weak sales – because the shoppers who bought it were extremely loyal to Sainsbury’s and often big spenders.
Given the powerful nature of the technology, it is unsurprising that it has attracted much discussion from both businesses and regulators. Indeed, Big Data was the theme of the UAE Forum on Information and Communication Technology Research 2014, with the Telecommunications Regulatory Authority (TRA) acting as the main sponsor. Before utilising this exciting technology, however, decision-makers at businesses should think through the legal ramifications of engaging with Big Data here in the UAE.
Legal considerations
Although there is currently no legal framework specifically regulating Big Data in the UAE, the following four facets should be considered when implementing a Big Data strategy here:
• Ownership – a simple but fundamental point is that Big Data should be analysed only if the business owns it via an intellectual property right or has a data licence to use it. This is important because by 2016, according to Gartner, 30 per cent of companies will make a financial gain from data that they hold by selling it to third parties. As it is unlikely a business will collect all its own data, when purchasing information from a third party, Big Data users should also consider whether the seller has a legitimate right to sell or licence the information. Where an organisation collects its own data, some brands might want to use that data for their own purposes. For example, a brand of, say, coffee might approach a retailer (who has a brand loyalty card) and ask to buy access to customers purchasing rival brands, so it can put an offer to these customers. For the brand to do this, it must have confirmation that the supermarket can use the data in this way. Proper evaluation, protection and ownership identification of data is essential in these instances.
• Privacy – the importance of privacy in the UAE is reflected in Article 378 of the Penal Code (Federal Law No 3 of 1987) which provides that, in the absence of consent, the publication or transmission to any other device of any personal data relating to an individual's private or family life is an offence. For instance, it is not clear whether the disclosure of a family's shopping habits can be regarded as an intrusion into an individual's private or family life. In such instances, users might want to consider rendering the data anonymous. In any event, Big Data users should ensure that a data subject's consent is obtained before the transmission of such personal data and consider carefully the consequences of the inadvertent disclosure of mass data or the contribution of information to open-source data sets.
• Data protection – although the UAE does not have a general framework covering data protection, standalone laws applying to certain industries and free zones (for example, telecoms, health care and the Dubai International Financial Centre) should, if applicable, be considered by Big Data users.
• Opting in – the TRA has issued an Unsolicited Electronic Communications Policy. This provides that telecom licensees are under a general obligation to put in place all practical measures to minimise the transmission of unsolicited electronic marketing communications with a UAE connection across their networks. Unless otherwise provided by the policy, the process by which consent is obtained should normally be by way of an opt-in procedure. For instance, this may apply to promotions via texts or emails. Before collecting Big Data, strategies to obtain consent for its usage should be considered.
Legal strategies
Technology enabling business to predict market practice is clearly a powerful commercial tool and as the Big Data revolution continues, the utility and value of the technology will grow. As its importance and influence increase, the law and regulation of the subject will become clearer and more sophisticated. It is not clear whether there have been any breaches of the legal considerations set out above by Big Data users in the UAE. You might want to ensure that you are not the first.
Saleem Adam, a partner, heads up Trowers & Hamlins' IT practice in the UAE. Gavin Coutts is a trainee solicitor, currently in the law firm's Abu Dhabi office
Follow us on Twitter @Ind_Insights
