New concepts: Customer data and business data
This is the last post in our series on how the Government’s proposed Data Protection and Digital Information (No. 2) Bill (the Bill) would affect data controllers. In this post, we ask what further changes to the data protection legislative landscape could lie ahead.
Last week, we considered how the Bill could open the way for an adequacy regulation in favour of the US. In the same spirit of change, the Bill also introduces the concept of ‘customer data’ and ‘business data’. The Bill does not make direct provisions in relation to customer data and business data; rather, it would give the Secretary of State the right to make regulations.
What is customer data and business data?
Customer data means information relating to a customer of a trader, the Bill explains that this includes:
- information relating to transactions between a customer and the trader, and
- information relating to the provision of customer data to a person in accordance with data regulations.
It is noteworthy that customer data would not solely consist of information about individuals; it would also include information about anyone (including businesses) who purchases or receives goods or services from another business. Customer data could also include information about transactions between a customer and a trader.
Business data means:
- information about goods, services, and digital content supplied or provided by the trader;
- information relating to the supply or provision of goods, services, and digital content by the trader (such as, for example, information about where they are supplied, the terms on which they are supplied or provided, prices, or performance);
- information relating to feedback from customers about the goods, services, or digital content; and
- information relating to the provision of business data to a person in accordance with data regulations.
Business data would include information about the goods or services a trader is offering, eg their prices, their T&Cs, and customer feedback.
Possible regulations
The Bill would give the Secretary of State and the Treasury the power to make regulations requiring holders of customer data or business data to either make that information available to third parties or process it in a certain way.
The policy behind this new concept of customer data and business data is to improve data portability between suppliers, service providers, customers, and relevant third parties. The aim is fourfold:
- It takes steps towards rectifying the information imbalance between suppliers and customers;
- It enables customers to make better use of their personal data, for example, customers will be able to make more accurate tariff comparisons;
- It also enables customers to benefit from what will be a more competitive marketplace through lower prices and higher-quality goods and services; and
- It provides new services in and across sectors, such as services that help consumers save and manage their money.
The regulations pertaining to customer data and business data that could flow from the Bill would likely benefit customers in the long run, as the list of potential regulations is focused around customer rights. We foresee that organisations may be required to publish their business data, as well as their prices or terms and conditions.
It is important to bear in mind that none of these changes have actually been put into place yet. The Bill only gives the Secretary of State the right to make regulations on customer data and business data; we can only speculate on what the effect of those regulations would be. However, this Bill could mark a further shift towards even greater protections for the consumer and a move towards consumers gaining value from, rather than mere ownership of, their data.
To access the full catalogue of articles in our series on how the Government’s proposed Data Protection and Digital Information (No. 2) Bill (the Bill) would affect data controllers, visit our Data Reform: How could the upcoming changes affect your business? homepage.