With Big Data, everyone wants to know: Who uses what and is it legal?

This article originally appeared in Property Portal Watch, May 18th 2018

By Paul Stewart-Smith, Chief Operating Officer


Who owns your data?

Data security has been hitting the global headlines recently. It may have even swung elections, cost a global social media company $37 billion USD in share value, and ultimately made us all a little more conscious of what we post and store online.

It raises some interesting questions on how data is collected, how it is stored, and how it is used both by individuals and within your own business or workplace. At Propertyfinder, we have the same concerns, as does any business: we all care about our employee data, our businesses financial data, and our clients’ data. Every day we protect, double check, and triple check. Any business should be answering the following questions daily:

  • Who owns my data?
  • Does it matter where that data came from originally?
  • How secure is my data?

The data that you create belongs to you. It is that simple. If a company records information about individuals that is given freely, then those companies need permission to store and then utilise that data. Companies cannot just go and use that personal data as they wish.

Anonymised, aggregated data is fine, but as soon as that data about individuals is shared (or even sold) with the outside world, then companies need to be careful and observe laws of, not just the UAE, but even where the user or customer originates from.

A company’s use and possession of your data is controlled by two things: the laws and regulations that the Company is bound by, and the contractual arrangement that you have with the company, usually through a privacy policy.

Advises Propertyfinder Group’s in-house counsel, Brian Dunn.

The key is that if you create data then you own it. If someone gives you data about themselves then they own it and you have a responsibility to protect it. They may grant you permission to use it but you have to check.

So, what if you store your data in a third-party system? You still own your data, the third-party provider cannot preclude your access or prevent you from recovering such data.

At myCRM, we take this very seriously. How can I give evidence of that? Well, no one at Propertyfinder or myCRM can access your data; your logins are yours exclusively, and we cannot log in to view your data.

You have the ability to export your data whenever you want either for backups or for your own further analysis. Some CRM systems hold your data hostage, but they cannot legally do this.

An individual’s rights to data ownership are governed and protected by the UAE Federal cybercrime law, as well as other international regulations that pertain to companies in the UAE, such as the European Union’s General Data Protection Regulation (GDPR).

While a company may utilise the data provided to them, pursuant to the terms of an agreement, such as a Privacy Policy, the protections provided to data owners by the aforementioned laws and regulations preclude any company (data controller) from stopping the data owner access to their data.

As you can see, if any company ever does hold your data hostage, just tell them the above.

We’ve established that you own your data, that data controllers that you use cannot hold your data hostage and that you have to be careful of individuals’ data that they have given you. Now, what about how you protect your data from external threats, making sure that no one you don’t want to see your data sees it.

WikiLeaks may have more newsworthy data, but that doesn’t mean protecting our data is any less important to our businesses or our clients. At myCRM, we use military-grade security.

Two-factor authentication (where you need to verify your login from another device) is becoming standard from the likes of Apple and Microsoft and we take this just as seriously. The point is that you as a customer of ours can change your password and you need your own personal device to confirm it, no one at our end interferes or knows these passwords and if we try and change it, you will get notified on your second device. Just like when someone logs into your Apple ID from a new device, you get notified elsewhere. It’s just an example of what you should be expecting from all your systems in a world where data security and ownership is under the microscope.

Even when data was stored in a filing cabinet, it was under threat of theft. As it moved online, that threat remained.

As consumers become more used to storing everything online, the risk of theft increases, but what if the theft doesn’t take it away from you, but simply uses it to gain an advantage without you even knowing?  Recently, big data analysis firms have been accused of using the most famous social media platform to gain financial and political advantage. The threat is real.

Know your rights with your data, know your rights and the rights of individuals whose data you store, and finally, make sure your system providers don’t take your data hostage.

If you have any questions about GDPR or would like to hear more about myCRM, contact Tom at tom@mycrm.com

This Blog is made available for educational purposes only, in addition to providing you with general information and a general understanding of its content, including referenced laws and regulations, and not to provide specific legal advice. The Blog should not be used as a substitute for competent advice from a licensed professional.