Legitimate interests rather than consent can still justify big data use, says ICO

Organisations do not always need to obtain users’ consent to be able to process personal data within big data, the Information Commissioner’s Office has clarified. The UK’s data protection regulator had been criticised of suggesting that operators of big data needed to obtain consent. However, the ICO has clarified that the other grounds that permit the processing of personal data apply just as much as with other uses of data. It has commented that its focus in previous guidance on consent was because of the focus of debate having been so much on that ground. The regulator said it “did not mean to comply that consent is the only or the most important condition; any of the conditions listed in the Data Protection Act and the Data Protection Directive can legitimise the processing of personal data”.