Our Data Ethics Policy 

Fable Data’s mission is to provide high quality, timely, anonymised data on the performance of the consumer economy into the hands of decision makers. Data ethics is at the heart of our business, and directs all our commercial, scientific and recruitment decisions. We actively engage with senior expert advisers and constantly review legal, ethical and technical developments to ensure that Fable Data is at the forefront of ethical data practices. 


Our data partners are banks, payment providers, card issuers and other financial data sources, who have the rights to commercialise anonymised consumer transaction data. Our data partners are required to scrub, mask and redact Personal Data from the transaction strings before data is transferred to Fable Data. 


The General Data Protection Regulation became law in 2018 and has been useful in clarifying the legal framework for data sharing and anonymised data. GDPR contributed to our decision to build a business model which does not use Personal Data. 


We strive to be ethical and transparent. We aim not merely to be legally compliant, but to set new standards for best practice when it comes to handling consumer data. We do this by designing our business practices and products around four core ethical values: 

Our values 

Privacy by design

Group privacy and protected characteristics 


Public service 

We have a responsibility to our data partners, shareholders, and the general public, to commit to upholding key values, and to explain openly how we put these values into practice. What follows below are just some of the examples of how ethics guides the way we do business. This is a living list of best practice that will continue to evolve to ensure Fable Data stays at the forefront of industry standards. 


Privacy by design 

  1. Our business model is private by design. We only receive and work with anonymised data. Specifically, we do not receive, hold, create or transmit Personal Data including names, addresses, user IDs, card numbers, bank account numbers or sort codes.  

  2. We do not receive certain types of transaction that are likely to contain identifiers, such as consumer-to-consumer bank transfers. 

  3. We help our partners to mask order and ticket numbers. We are interested in the name of an airline but not the ticket information. 

  4. We will never attempt to re-identify individuals from the anonymised data shared with us by our data partners. 

  5. We actively check to ensure we are not receiving Personal Data, or close proxies, that could be used to re-identify individuals. If we receive Personal Data in error, we delete it, notify our data partners, and change our processes to stop it happening again. 

  6. Our products do not contain Personal Data, and are designed to inhibit re-identification. We also require our clients to not combine our feeds with other data in any way that might make it possible to re-identify individuals or create Personal Data. 

  7. Our data centre and communications networks are designed to be secure and resilient, in order to protect the data we receive and process. 

Group privacy and protected characteristics 

  1. We balance our panel using high level attributes that cover thousands of households such as UK Local Authority, postcode sector and census data. For example, UK postcodes typically cover 40 houses, whereas postcode sectors typically cover 2,500 houses. Through balancing and tagging at postal sector level we create large cohorts of consumers and protect not only the privacy of individuals, but of groups as well.  

  2. We do not receive text that includes markers of protected group characteristics such as trade unions, political affiliation, or sexual orientation. 

  3. We populate and maintain a blacklist by reviewing protected characteristics and proxies identified by researchers.  

  4. We do not receive potentially sensitive group-level data that has no value for our clients. For example, a transaction for a court fine may not contain personal data and there is no route back to the individual, but we have no use for this information. 


  1. Only individuals in key roles in our business know who our data partners are. We do not disclose our data partners’ names to clients, nor our clients’ names to data partners. 

  2. We protect the identity of our data partners and do not speculate on their business performance. We do not trade the shares of our data partners, our clients, or any of the merchants about whom we derive information. 

Public service


  1. We provide many of our products free of charge to government policy-makers and academic researchers to support evidence-based policy-making and open science. 

  2. To help improve data analysis skills across government and academia, we share our expertise and technical know-how with selected public sector bodies.