Why do companies need to seek consent when your data is available everywhere?

04 Jul 2017 by LAM CHEE KINGroup Head of Legal and Compliance, DBS Bank

Photo: Shutterstock

When it comes to data protection, companies should focus on big data trends and think about what careful stewardship of customer information looks like in that context

With data management, it is easy to miss the forest for the trees. Seminars and presentations on data privacy tend to focus on smaller challenges – how to implement frameworks for proper collection and storage, manage the cross-border transmission of data, and how and when to destroy collected data.

While not trivial subjects, these are not the main issues consumers, corporations or even societies should be overly invested in.

Big data can provide insights and correlations

Photo: Shutterstock

The macro trend is a digital revolution which sees increases in computational power in mobile devices, the rise of social media, significant advances in analytics and the wider applications of artificial intelligence. So it is more appropriate to broaden the conversation to big data when we consider data protection.

In the future, where data is ubiquitous, we wrestle primarily with the implications that flow from this proliferation of big data. These implications stem from greater collection, greater sharing and greater processing of widely available information.

At some point in time, everything will become a sensor, collecting information about the environment and people’s actions. With the Internet of Things, all these sensors will also be networked.

Coupled with social media, these networked devices will also be sharing data with all kinds of other networks, devices and platforms. Big data analytics engines will pore over that data, looking for insights and correlations.

Big data enables the transformation of banking

Photo: NUS

The banking sector will not be spared. It will be increasingly feasible to make banking “invisible” – to be embedded seamlessly into the customer’s day-to-day tasks and way of life. Each of us have life objectives – retirement, purchasing a car or saving for our children’s education, yet few of us go about each of these tasks deliberately in an organised fashion.

While great product and process design can make customers happier, data is the oil that enables this transformation of the banking experience.

With data, when you visit a car showroom, it will be possible to process and pre-approve your car loan so that you can focus on buying the car that you want, instead of worrying and doing the sums on whether you can pay it off. With data, budget planning can be done predictively, with a clear picture of your likely monthly inflow and outflow of funds.

This is not a phenomenon limited to banking, for the entire world is headed in that direction. It is happening in a very subtle way – in fact the average consumer may not be completely aware of how we have already given away a lot of our data for very mundane reasons, whether to play Pokemon Go, post on Instagram, watch a smart TV, or track our movements using a Fitbit.

Data collection is commonplace, and it is not likely that we can draw good, informed boundaries around how and when our data is collected or used. In fact, this trend will render ideas of requiring informed consent from consumers to share their data pointless.

We can draw a parallel with how customer behaviour evolved with software end-licence user agreements: If someone really wanted the benefit of an application or a device, they would consent regardless, and would do so in a less than discerning way.

Companies must design policies to inspire consumer confidence and trust

Photo: Shutterstock

How consumers will think about data privacy will be shaped by what type of company they feel comfortable doing business with. So as companies, we need to design our data use policies in a way that will inspire consumer confidence and trust, and which, over time, will become a point of differentiation which drives customer behavior. At DBS, we tell customers that we uphold their trust by protecting and using their personal data in a responsible manner.

As companies, we need to design our data use policies in a way that will inspire consumer confidence and trust, and which, over time, will become a point of differentiation which drives customer behavior.

So data protection is more than the hygiene issues that people associate data privacy with, such as whether and how to get consent. More importantly, data protection flows from the relationship organisations have with the people whose data they are protecting, and how they continue to engender that trust in that relationship through responsible stewardship of this data.

We must also distinguish between the “safe” usage of data – in other words, use of data which is consistent with our promise – and “expanded” usage of data – the use of data which goes beyond what a reasonable member of society should expect, that may compromise the responsible stewardship of such data. For example, the use of data in an aggregated format, such as customer withdrawal patterns from ATMs, is considered “safe” since data is anonymised and cannot be traced back to individuals, and when or where specific individuals draw money is not made known.

The key thing we try to achieve, apart from what the law expects of us, is to always consider how customers expect us to behave. Even as we break new ground in innovative uses of data embedded in our products and services, so that our customers’ experiences improve, we are clear about what is acceptable to people.

But because things are changing so fast, that understanding of what is acceptable may evolve. So as good business practice, we should try to have good conversations about what may be possible and acceptable tomorrow.

If data is indeed the oil of our generation, then it is incumbent on us as consumers, companies and society as a whole, to think carefully about what kind of world we want that to be.

This post was first published on

Lam Chee Kin is Group Head of Legal and Compliance at DBS Bank. He serves on the Data Protection Advisory Committee of Singapore and the Advisory Panel to the NUS Centre for Banking and Finance Law.