• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

The ICO's Summary Paper on big data and data protection

Feedback on the discussion paper on big data

The UK’s Information Commissioner’s Office (‘ICO’) published a discussion paper on Big Data and Data Protection (the ‘Paper’) in July 2014, which set out their understanding of the data protection issues raised by big data. The objective of the Paper was to dispel the notion that it was not possible to both benefit from big data and comply with data protection laws. In this article, we’ve picked out recurring themes in the responses.

More practical guidance on compliance

An overarching theme from the responses was for the ICO to provide more practical guidance. Respondents asked for more guidance on how to comply with data protection requirements, including on specific technologies. The ICO seems to appreciate that such guidance could be useful, but believes that it may not be the most suitable organisation to provide technical guidance, at least not alone. The ICO stated that industry needs to be involved, for example, by developing standardised categories to inform people about how their data is being used. 

Respondents also commented on the difficulty in providing privacy notices and obtaining data subject consent in the context of big data. One respondent even asked for examples of how an organisation could communicate possible future uses of data in a privacy notice. The ICO appreciated this challenge and stated that it will continue to look for innovative ways to provide such notice. Additionally, the ICO has started to review its Privacy Notice Code of Practice and will be focusing more on how companies can be transparent about their uses of data in the big data environment. The review of the Privacy Notice Code of Practice is expected to be completed in June 2015.

Respondents also commented on how the ICO recommends privacy by design but does not provide practical advice as to how to implement it. In its response, the ICO commented that privacy by design involves organisational and technical measures, but conceded that more work is needed to identify exactly what those measures might comprise of. The ICO did say that it would like to continue to work with external experts to develop solutions that meet privacy by design. Another respondent argued for more focus on security and that technical security measures should cover how personal data is stored.

Another practical measure strongly recommended by the ICO to promote compliance is the use of privacy impact assessments (‘PIAs’). Respondents commented that PIAs are a tool to assess the impact and benefits of certain processing activities and should not be used to automatically sanction processing activities. Unsurprisingly, the ICO agreed, which will look to develop more specific guidance on PIAs.

It was suggested that personal data services could assist in helping businesses achieve data protection compliance. The ICO confirmed that it is aware of this development, but needs to see more evidence as to the benefits of personal data services.

A more risk-based approach

The responses seemed to reveal a trend that the ICO should focus more on the impact of analytics on individuals. For example, big data analytics could be used to offer a consumer a product that may appeal to them, which is less sensitive than using analytics to make decisions about applications for life insurance. The responses emphasised the importance of differentiating between levels of impact on individuals. The ICO said that its recommendation to conduct privacy impact assessments should highlight the impact on the individuals and show whether such processing is fair.

Another respondent argued that since website interactions generate large quantities of personal data, businesses should only have to provide data subjects with ‘major items’ of personal data when complying with subject access requests. Fulfilling subject access requests in a big data context will likely be challenging for businesses, but the ICO did not in this instance adopt a particularly business-friendly approach. It stated that subject access requests are a wide-ranging right and should allow data subjects to access all the data held about them.

Respondents also felt that the Paper focused too much on consent as a condition for processing personal data, and not enough on the relevance of the legitimate interests. The ICO’s response to this criticism was that it does accept that this condition applies. It also agrees that since the emphasis is on the organisation to satisfy itself that its legitimate interest does not prejudice the rights of the data subject, this is consistent with organisational accountability.

A respondent suggested that there should be greater emphasis on limiting the amount of data collected as a way of minimising risk associated with big data analytics. The ICO was in favour of this approach as it was in line with its recommendation in the Paper about data minimisation - namely that organisations should not hold data without purpose.

The new General Data Protection Regulation

Many respondents felt that more should have been said about the new General Data Protection Regulation (‘GDPR’) and its implications for big data. The ICO said that it has previously issued commentary on the GDPR and did not want to repeat itself.When the GDPR is approved, the ICO will release guidance on provisions relating to profiling, but said that it is premature at this stage to provide such an analysis.

Following the responses received, the ICO has confirmed that it will reissue the Paper to take into account the feedback. This revised Paper is expected in summer 2015, which may coincide with an agreement on the GDPR within the Council.

For more information please contact Nicola Fulford or Mahisha Rupan.

This article was first published in June's issue of E-Commerce Law & Policy