There is a growing trend of organisations using alternative data for various purposes, like making better investment or credit decisions. The reason is simple – data drives efficiency and better decisions. The more good data you have, the better the outcome. this is especially true for data-driven organisations.  The questions is – is it lawful to use alternative data? This is an aspect of information law.

It is important because if you intentionally and unlawfully process data, you are probably committing a cybercrime in many countries. You’ll be acting illegally and not just unlawfully. And if you break the law, there are often severe consequences.

Data is only half the story – the other half is about the algorithms used to process the data. But that is a story for another time.

What is alternative data?

Each organisation generates primary data from its main processing activities – data that directly relates to its processing activities. They can also generate (or obtain) data from other sources. This data is often called alternative data.

What do organisations use it for?

Many things, but essentially alternative data gives you additional insights or intelligence that can be very useful for your primary purposes. For example, in finance investors can use it to make better investment decisions. In credit, lenders can use it to make better credit decisions.

It can be very useful and can result in benefits for many. For example, it can help lenders responsibly lend to people and organisations who would normally not have access to credit. The analytics from alternative data can be very insightful.

Checklist for using alternative data lawfully?

  1. Classify the alternative data into different categories of data, like personal data, special personal data, consumer credit data, health data or account numbers.
  2. Determine what laws apply to each category of data, like data protection law or credit law.
  3. Determine what the regulatory requirements are of that law and comply with them.
  4. If there is no law that regulates how you can process a category of data, go for it.
  5. Check whether you are infringing someone’s copyright to the data. Copyright applies to data as it does to other copyrighted works.
  6. If the alternative data includes personal data, check that you comply with data protection law. For example, are you:
    1. applying the data protection principles, and enabling the data subject rights,
    2. making lawful automated decisions,
    3. following the guidance issued by authorities, board or supervisors for data analytics.
  7. Check whether you are committing a cybercrime.

Remember that data protection law creates many regulatory requirements. So, if your alternative data includes personal data, there will be much to think about. For this reason, it might be better to only use anonymous or de-identified data as part of alternative date.