Opinion | What's next for data sharing?

Cimeon Ellerton unpicks what Brexit may mean for data sharing in the arts...

I believe Brexit will increase confusion over the use of data in the cultural sector as many of us have been preparing for the introduction of the new General Data Protection Regulations (GDPR).

The Data Protection Act (DPA) is one of the major pieces of legislation covering rights and responsibilities in relation to the collection, processing and ultimate use of data; and only as it relates to people. This is defined in the act as “…the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.”

There is also the Privacy & Electronic Communications Regulations (PECR), which in the words of the Information Commissioner’s Office (ICO): “…sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications” [my highlight for emphasis].

Both these pieces of legislation are to some extent derived from European legislation, however, leaving the EU will not mean that they cease to exist. They will continue to govern the way we deal with data no matter what happens, until they are either amended or superseded.

The GDPR is scheduled to take effect on 25th May 2018. If we haven’t left the EU by this date, then the new regulation in all likelihood will automatically apply[1]. There has been some suggestion in blogs and conferences that this regulation makes data aggregation and profiling unlawful. This is not true.

We have a tendency in the sector to think of segmentation and profiling interchangeably, but in strict technical terms, segmentation is not profiling. And nor is an Audience Spectrum profile. You would only be affected if you track a specific identifiable person in order to offer different goods or services under different terms on the basis of that single person’s past behaviour.

I have spoken at many events and conferences about the danger of attempting the holy grail of individual personalisation, since very few of us (if any in the cultural sector) have the scale of data and range of offer to personalise on an individual basis – let alone the staff or organisation capacity to deliver it. So rather than this regulation being a barrier to segmentation and use of profiling tools such as Audience Spectrum, it is actually reinforcing The Audience Agency’s approach and brings everybody who provides these sorts of data processing services in line with Audience Finder. Planning and communicating an offer that is appropriate to the clearly evidenced preferences and propensities of the audience is not only lawful, but positively encouraged by the ICO.

It’s also important to note here that the vast majority of information that you and I deal with, is not personal information and is therefore not covered by the GDPR, DPA (or PECR). Audience Surveys do not collect personal information. Many of you collect email addresses at the same time, and these should be treated with the care and attention required as ethical organisations as much as the requirements of the DPA or PECR. Even the names and addresses from ticket bookers used to build a picture of national arts attendance through Audience Finder remain within the research exemption for our purposes. And once anonymised, there is no personal information to fall within the remit of the legislation.

The Audience Agency is always looking for ways to provide better value and more flexibility for users and contributors to Audience Finder. Because anonymised information falls outside the remit of this legislation, we can open up some of our anonymised data for anybody to explore. We’ve been working with Socrata – specialists in publishing open data – to conduct internal testing on a new platform to allow you direct access to a copy of the summary data you currently see as infographics in the ‘National data’ section of Audience Finder. I’ll be writing more about this exciting development, including when and where you’ll be able to access it, in my next blog post.

In the meantime, if you have any questions about Audience Finder, Open Data, or anything else audiences, insight etc then email us at audiencefinder@theaudienceagency.org

[1] The GDPR falls under the European Communities Act (ECA). Therefore the GDPR would automatically come in without the need for British legislation, but they would cease to have effect when we repeal the ECA, which could be any time. Of course, when we trigger article 50, we may negotiate arrangements for the transition period that would mean new regulations don't take effect.