Is Data Mining Illegal?

With data mining companies like Cambridge Analytica in the news, this topic has been a source of debate. From political operations to major brands, many companies use data mining to drive their marketing efforts. Data operations help determine where to hold rallies, which advertising campaigns are right for the market and how to reach out to potential consumers.

Is data mining illegal?  While data mining itself is not illegal, there are laws governing data mining practices that involve the data of individuals.  Certain types of data like weather data can be mined without ethical or legal considerations.  Other data like health information or consumer behavior must be mined with caution.  For data mining to work, it has to follow these laws and regulations, or some data mining activities could be illegal.

How Does Data Mining Work?

Data mining is the study of collected data to find patterns and information that can help an organization make informed business decisions. Data mining may be done on a small scale, like a research team, or on a larger scale through automated data processing.  There are five steps to data mining.  These include:

  • Collecting data
  • Storing and managing data
  • Analyzing data
  • Sorting data
  • Presenting data

Data Collection

When someone shops or interacts with a website, they leave a digital trail behind. Consumers create 2.5 quintillion bytes of big data a day. The data industry is worth billions of dollars. It is used by governments, businesses and political campaigns to learn more about individuals.

This data includes information about what someone buys, who they talk to and what they do. Data miners use machine learning to predict patterns in decision making. It is used in everything from medical research to predicting the weather. For political campaigns, a data miner could use consumer data to build a profile about how the individual might vote and the right marketing campaign for each person. Through data collection, data miners can predict future behavior and the user’s interests.

Data Storage

Data can be stored in-house on servers or it can be stored in a virtual cloud environment.  Regardless of where the data is stored, it is imperative that the environment is secure.  A study by the United States Census Bureau found that 73% of American households are concerned about cybersecurity and their own online privacy.

Data Analysis

For data to be useful, it needs to be accurate.  Data analysts must figure out how to best organize the data based on the needs of their clients.  Organizations might decide to use their data in an online marketing campaign or to conduct training activities with their employees to improve customer service.  Knowing what types of data are available and ensuring that information meets the organization’s needs is imperative.

Sorting Data

Data sorting is a process that takes the data from an organization and arranges it in a meaningful way to make it easier to understand and use.  Tools like SPSS and SQL are used to sort data so it is easier to comprehend and use in decision making.

Presenting Data

Data can be presented in a variety of different ways to help leaders make informed decisions.  Some of these include:

  • descriptive presentations
  • tabular presentations
  • diagrammatic presentations

If data is sorted and analyzed properly, it can present a clear story.

Why is Data Mining Important?

Data mining provides significant value to an organization.  It can help reveal hidden consumer behavior or uncover trends.  Good data mining can result in a greater number of business opportunities which can make a positive impact on a business’s bottom line.  Data mining is used in a variety of industries including:

  • Education
  • Retail
  • Social media
  • Insurance

The benefits of data mining are plentiful.  Some of these include:

  • Refining customer relationships
  • Better business decision making
  • Enhanced customer safety and security
  • Improved forecasting and planning

Data mining shouldn’t be confused with a data breach or other malicious activity.  Most of the time, companies use data mining strategies to provide their customers with better opportunities and services.  A marketing department might use data mining strategies to analyze customer behavior to create a more effective and meaningful holiday promotion.  An education provider might use data mining procedures to develop a more appropriate program for a specific demographic.

Data Mining and Regulations

Data mining is regulated differently throughout the world. In Europe and the United Kingdom, data protection laws require the organization to have a legal basis for activities related to:

  • analyzing data
  • obtaining data
  • sharing data
  • selling data

The UK Data Protection Act of 1998 states that anyone who has their data processed has a right to access it.  There are specific rules relating to text and data mining in Europe.

The new General Data Protection Regulation (GDPR) also requires consent. For a company to collect data, it must give citizens the chance to consent to the collection or to object. If the company breaks this rule, it can face stiff penalties.

The United States and Data Mining Regulations

According to the John Marshall Journal of Information Technology and Privacy Law, the Federal Trade Commission (FTC) is currently in charge of regulating data. The FTC and state laws have tried to protect consumer privacy, but many of these regulations are ineffective.

Right now, the FTC uses a framework based on simplified choice, privacy by design and greater transparency. During the Obama administration, it used a Privacy Bill of Rights to increase:

  • individual control
  • security
  • accuracy
  • transparency

The goal was to give consumers extra control over what information companies could collect and how the information was used.

Privacy by design laws mean that companies should implement policies that ensure consumer privacy. Meanwhile, simplified choice requires companies to give consumers the choice about whether their data is collected. With greater transparency rules, consumers are supposed to get simple, short privacy policies that they can actually understand.

Are There Ethical Issues with Data Mining?

Ethics issues are primarily based around individuality and privacy.  Companies who use data mining techniques should be aware of the potential for ethical issues with their use of data.  A customer should be given the opportunity to opt-out of data collection and analysis of their information.  But doing so might cause the company to miss out on a marketing opportunity.  Companies must weigh the potential ethical issues (and even legal issues) with how they collect and use the most basic data on their customers.

When Facebook came under fire for selling the data of over 50 million US citizens to Cambridge Analytica, the criticism centered on shady data mining practices.  Facebook users were surprised to see their information sold like a commodity without their explicit permission.

Since then, the debate over an ‘opt-in’ or ‘opt-out’ decision has been at the forefront of data ethics.  An ‘opt-out’ decision means that the individual must actively remove themselves from the system or risk having their information used as the company sees appropriate.  In an ‘opt-in’ decision, the individual must explicitly consent to participating and having their data used.  Businesses have discovered that using an ‘opt-in’ process results in lower participation, which could have an impact on business.  The challenge comes with the need to create a process that informs the consumer of the protections in place to secure their information and how exactly the information shared will be used.

Legal Issues Associated with Business Data Mining Activities

Unfortunately, there is not a blanket law in the US that covers how data should be protected and shared.  There are data mining laws that target specific types of data.  It is important that data miners are knowledgeable about these laws and the types of data they relate to.  Data mining legal issues can arise when information is used in a way that fails to protect the privacy of the individual.

While many people assume that the Health Insurance Portability and Accountability Act (HIPAA) protects your private health care data, the law actually only covers information and medical records shared with a covered entity.  The communication you have with your doctor or your insurance company is protected by this law, but your Fitbit data is not.

Data mining that uses protected health information can raise legal issues in tasks like de-identification and the storage of data.  Data miners must take steps to ensure their efforts provide appropriate insights without violating HIPAA regulations.

The Fair Credit Reporting Act (FCRA) covers information on your credit report and includes how the information is obtained and who can see it.  This important data can impact your ability to own a home or even get a job, so it is important it’s correct and used appropriately.  Unfortunately, information is often incorrect or outdated.  In some cases, reporting agencies have shared this information with unauthorized individuals or businesses.

The Gramm-Leach-Bliley Act (GLBA) is also known as the Financial Modernization Act of 1999.  This federal law controls the ways US financial institutions handle the personal data of individuals.  It doesn’t restrict how an organization uses this data as long as the consumer knows how their data will be used.  It is comprised of three sections.

  • The Financial Privacy Rule

The Financial Privacy Rule regulates the collection and use of private financial information.  An organization needs to share its privacy policy at the start of a customer relationship and an annual notice must be sent.

  • The Safeguards Rule

The Safeguards Rule was issued by the Federal Trade Commission in 2002.  It gives the organization instructions for how to implement protections against cyber attacks, email spoofing, and phishing schemes.

  • Pretexting Rule

The Pretexting Rule was created to prevent employees and businesses from collecting information about their customers under false pretenses.

There are also privacy and data mining laws regarding children.  The Children’s Online Privacy Protection Rule (COPPA) is a law created to restrict a company’s collection of data from children under the age of 13.  It details how and when a company needs to obtain verifiable consent from a parent or legal guardian.  It also dictates what responsibilities the company has to protect the privacy and security of that information.  As a result, many social media sites strictly prohibit children under 13 from using their services because of the cost and effort involved in complying with COPPA.


Is data mining legal?  While it may be legal, it should be done with ethical and legal considerations.  Consumers often think of data mining as something that occurs when they use an online app or website. In reality, the consumer’s information is collected any time they use their credit card at the store. Companies collect personal information from the credit card and can sell it to third parties. Unfortunately, privacy protections are still in their infancy, so consumers may continue to face unwanted data mining.
