The data economy is huge.

According to Digital Realty’s Data Economy Report 2018, in the UK alone it is worth €73.3bn and is directly responsible for creating 1.65 million jobs.

Furthermore, the report suggests there is further untapped potential of €52.3bn provided that businesses put the right systems in place to build consumer trust and confidence.

But who owns this data? How best can it be harnessed to create new types of services? And most importantly, how should companies be using information to ensure compliance with the EU General Data Protection Regulation (GDPR) while balancing the combined needs of user privacy and user benefits?

These were just some of the topics discussed at the third event of Bird & Bird’s Advance Series, held at the law firm’s London office and supported by The Telegraph.

Although much of the focus is still on personal data, especially since the Cambridge Analytica scandal, the use of data goes well beyond the individual. For example, the proliferation of sensors connected to the internet of things (IoT) means that assets such as buildings may have thousands of “data points”.

However, while it may be desirable to give structural engineers data about, say, the structural integrity of a bridge, there may be security issues about allowing this data in the public domain.

Privacy is paramount

For entrepreneur Gavin Starks, it is useful to think about three types of data for licensing purposes: open, shared and closed data.

Mr Starks, formerly co-chair of the Open Banking Standard, is the founder of a non-profit organisation, Icebreaker One, which is attempting to use shared data to bridge the data gaps between finance, policy and climate change for investment in carbon-zero infrastructure.

He is also working with digital identity app Yoti, which encrypts and anonymises personal data for identification purposes. “Without revealing your name or date of birth, Yoti can be used to answer, say, a question at a self-service checkout, such as ‘Is this person over 18?’ ” he said.

Protecting sensitive data is inevitably a key concern for all companies. For Leidos, which works with public sector organisations worldwide, including the Scottish government, the Ministry of Defence and the air navigation service provider NATS, data security is of primary importance.

Its business development director Andrew Radley said: “Our particular focus is helping public sector clients think through how they are going to deliver large scale public services using huge amounts of data and how we ensure that data is handled appropriately.”

The use of data is also growing exponentially. One company that processes vast amounts of data daily is travel aggregator website Skyscanner. Using application programming interfaces (APIs) provided by clients – including airlines, car hire companies and hotels – it delivers information, such as latest pricing and availability, to more than 90 million travellers a month worldwide.

Anoop Joshi, Skyscanner’s senior legal counsel, said: “There is a huge degree of responsibility about how we both protect the data we collect and how we ensure we are using it in a transparent way that travellers can trust.”

In addition to revenue from targeted online advertising, Skyscanner uses anonymised data it collects online to provide insights to travel industry clients.

A turn towards ethics

While data regulation has been accused of stifling innovation, most of the speakers were broadly in favour of the GDPR. “Our approach is that GDPR sets a high-water mark for privacy that we try to replicate worldwide,” said Mr Joshi.

He added that companies can turn data privacy into a competitive advantage, “just as Apple is doing over its competitors in the technology industry”.

Indeed, increasing numbers of companies are also looking at setting up ethics committees to deal with issues about the handling of data. For example, Mr Starks is a member of Yoti’s guardian council, which has a responsibility to hold the board to account on the data privacy of its customers.

“We can whistle-blow if we don’t think the company is following its commitments to look after its users’ privacy,” he said.

And regulation does not necessarily mean restricting the use of data. For example, Open Banking has meant that banks now have to enable customers to share their data to third parties via APIs, allowing people to aggregate their financial accounts as well as access new types of services.

Another potential benefit, said Mr Radley, may be to allow anonymised health data to be used for diagnosing illnesses and providing new treatments.

Mr Starks said it was important to look at individual-use cases when it comes to providing data. “Most people are happy with using social media because they don’t see the harm of providing data in return for a platform to communicate with friends.”

Similarly, Mr Joshi said that only a tiny fraction of Skyscanner customers ever ask for their data to be deleted.

The panellists agreed that, provided there is transparency with the customer, data can deliver massive benefits to individuals as well as innovative business models.