Fable Data - Data Ethics Policy 

Fable Data exists to provide high quality, timely, anonymised data on the performance of the consumer economy into the hands of decision makers. Data ethics sits at the hearts of our business, and directs all our commercial, scientific and recruitment decisions. We actively engage with senior expert advisers and constantly review legal, ethical and technical developments to ensure that Fable is at the forefront of ethical data practices. 

 

We create tags and features by identifying the merchant, location and purchase category in anonymised consumer spend data that looks like these examples: 

 

tesco metro 2990  £15.00 

paypal *netflix.com  £10.00 

bp tankstelle 55268  €80.00 

amznmktplace de  €25.00 

auchan drive rue gabriel lippmann  36 €99.00 

argos inside sainsburys 0629  £25.00 

Intercontinental-ana roppongi  ¥9000 

 

Our Data Partners are Banks, Fintechs, Payment Providers and Card Issuers who have the rights to commercialise anonymised consumer transaction data. Our Data Partners are required to scrub, mask and redact Personal Data from the transaction strings before they come to Fable. 

 

The General Data Protection Regulation that became law in 2018 has been useful in clarifying the legal framework, and contributed to our decision to avoid processing Personal Data. 

 

We strive to be ethical and transparent. We aim not merely to be legally compliant, but to set new standards for best practice when it comes to handling consumer data. We do this by designing our business practices and products around four core ethical values: 

 

 

Our values 

  1. Privacy by design

  2. Group privacy and protected characteristics 

  3. Confidentiality 

  4. Public service 

We have a responsibility to our Data Partners, Shareholders, and the general public not only to commit to upholding key values, but to explain in detail how we put these values into practice. What follows below are just some of the examples of how ethics guides the way we do business. This is a living list of best practice that will evolve over time. 

 

Privacy by design 

  1. Our business model is private by design. We only receive and work with anonymised data. Specifically, we do not receive, hold, create or transmit Personal Data including names, addresses, user IDs, card numbers, bank account numbers or sort codes.  

  2. We do not receive certain types of transaction that are likely to contain identifiers such as consumer-to-consumer bank transfers. 

  3. We help our partners to mask order and ticket numbers. We are interested the name of an airline but not the ticket information. 

  4. We will never attempt to re-identify individuals from the anonymised data shared with us by our Data Partners. 

  5. We actively check to ensure we are not receiving Personal Data, or close proxies that could be used to re-identify individuals. If we receive Personal Data in error, we delete it, notify our Data Partners, and change our processes to stop it happening again. 

  6. Our products do not contain Personal Data, and are designed to inhibit re-identification. We also require our clients to not combine our feeds with other data in any way that might make it possible to re-identify individuals or create Personal Data. 

  7. Our data centre and communications networks are designed to be secure and resilient in order to protect the data we receive and process. 

Group privacy and protected characteristics 

  1. We balance our panel using high level attributes that cover thousands of households such as UK Local Authority, postcode sector and census data. For example, UK postcodes typically cover 40 houses, whereas postcode sectors typically cover 2,500 houses. Through balancing and tagging at postal sector level we create large cohorts of consumers and protect not only the privacy of individuals, but of groups as well.  

  2. We do not receive text that includes markers of protected group characteristics such as Trade Unions, political affiliation, or sexual orientation. 

  3. We populate and maintain a blacklist by reviewing protected characteristics and proxies identified by researchers.  

  4. We do not receive potentially sensitive group-level data that has no value for our clients. For example, knowing a consumer has been fined by a Magistrate’s court may not constitute personal data since there is no route back to the individual, but we have no use for this information. 

Confidentiality 

  1. Only individuals in key roles in our business know who our Data Partners are. We do not disclose our Data Partners’ names to clients, nor our clients’ names to Data Partners. 

  2. We protect the identity of our Data Partners and do not speculate on their business performance. We do not trade the shares of our Data Partners, our clients, or any of the merchants about whom we derive information. 

Public service

 

  1. We provide many of our products free of charge to government policy-makers and academic researchers to support evidence-based policy-making and open science. 

  2. To help improve data analysis skills across government and academia, we share our expertise and technical know-how with selected public sector bodies.