Data Ethics Feature Image

What is ‘Data Ethics’?

March 3rd, 2021 Posted in Compliance, Data Protection

What is ‘data ethics’?

Advances in technology provide a wealth of benefits in all areas of life on both an organisational and an individual level. However, as this technology becomes more embedded in our lives, it raises important questions. One key question is whether we can balance these benefits against critical issues surrounding the rights of individuals and the allocation of responsibility? Data ethics is the idea of moving away from the discussion around what we can do with technology and data, and instead focusing on what we should be doing with data.

There is no single answer to the question ‘what should we be doing with data?’, as new areas of uncertainty are unearthed around how we can exploit and innovate with data, especially personal data. Despite this, it is still important to consider why using data in an ethical way is important especially as consumers become more aware of the value and importance of their data.

Why is it important?

Supporting compliance

One of the reasons data ethics is important is that many of its principles are embedded within legislation including the Consumer Rights Act, the Equality Act, and the Human Rights Act. Establishing internal data ethics principles within your organisation can help support compliance with current laws and provide a good foundation for compliance with future laws and regulations.

Compliance with the law can be complex, especially where those laws are principles-based. Having internal data ethics principles in place can make it more likely that many of your procedures will need minimal adjustment to accommodate the requirements of any new legislation.

Retaining customer trust

By being upfront and transparent about how you use an individual’s data, you are aligning yourself with a key data ethics principle. Not only that but also increasing the level of trust that your customers and clients have in you. Organisations are more likely to retain customers and win new business if they are open about how they are using individuals’ information.

Additionally, organisations such as the Financial Conduct Authority (FCA) are becoming increasingly interested in how data ethics applies in the context of customer treatment. By considering data ethics at an early stage, you can be prepared to accommodate new regulations within your business sector. This being especially important in ensuring customers and clients are aware of how their data is being used.

To prevent bias

One of the more complicated and difficult issues that data ethics looks to tackle is bias in decision-making. There are two main causes of bias in decision-making technology. The first is the humans who create the tech, and the second is the machines themselves.

Over the years, there have been numerous reputation-damaging stories. In particular, around how automated decision-making machines have produced unconsciously biased outcomes. The most recent being the UK school exam results fiasco. Last year, around 75,000 pupils across Scotland had their exam results downgraded. Similarly, around 40% of pupils across England and Wales had their results negatively impacted. The system within the exam board used data based on postcodes (those living in poorer areas had a more significant downgrade in comparison to pupils residing in more affluent areas) and past performance of schools. The goal was to eliminate the issue of any predicted grades handed out by ‘generous’ teachers. However, using an algorithm based on area and historic school records, rather than an individual’s performance, led to devastated students, outraged parents, and accusations of discrimination and bias.

The Centre for Data Ethics and Innovation has produced a report on how to prevent these types of biases from occurring. It includes within it, recommendations about what steps organisations can take. The report highlights the importance of data ethics in preventing bias. It states “good use of data enables organisations to shine a light on existing practices and identify what is driving bias.”

Data ethics and GDPR

If you are not so familiar with European data protection and its flagship legislation – the GDPR, which is considered by many to be the “gold standard” data protection legislation, then you may be surprised to hear that data ethics is not explicitly referred to in any of its 99 articles.

Strange, as you would imagine a law surrounding the use of individuals data would explain how to use it ethically. Well, it does set data ethics expectations but is not explicit because it is a principles-based law. Such laws are drafted in a way that is not explicit so they can be applied by organisations of all types and sizes in a way that makes sense in the context of their business activities.

Principles-based laws provide great flexibility and much future-proofing but can also be frustrating for businesses that want certainty around their obligations. Principles-based laws can, however, effect cultural change and GDPR should have this effect in favour of data ethics.

For example, the first data protection principle listed in Article 5 of GDPR states that: “Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.”. This is not a new principle; it has existed in all forms of legislation but GDPR has arguably had a bigger impact than the previous legislation for reasons beyond the scope of this blog.

Thinking about this principle in the context of data ethics, the use of personal data in a fair (would individuals expect their personal data to be used this way) and transparent (have we told individuals how we collect their data, what we use it for, who we share it with and for how long) way is an example of data ethics in practice.

Innovation and new uses of personal data

The future-proofing aspect of the GDPR as a principles-based law (something which remains under debate) also means it should embed data ethics principles within new technologies and innovative uses of personal data. The steps required to comply, require organisations to ask themselves questions that are equally valid as data ethics questions such as ‘should we be collecting this personal data in the first place, or is there another, less intrusive, way of achieving the same outcome?’.

This means that any future adaptations of how personal data is used, providing it conforms to the requirements GDPR, will already have had some consideration given to data ethics. It is likely a few of the concerns that will arise from these adaptations will be too complex for the limited ethical considerations to cover. Nevertheless, it will provide a solid foundation upon which those matters can be explored further.

In conclusion

As you can see, there are several benefits for taking data ethics seriously within your organisation. This includes aligning your organisation to key legislation.  By doing this you are, preparing yourself better for the future. It also includes building the trust you share with your clients and customers.

It may not be at the top of your “to-do-list” right now. However, taking just a short while to ensure that data ethics principles underpin how your organisation operates, can only serve to benefit you now, and in the future. If you are meeting your GDPR obligations, the chances are you are already thinking about data ethics as described above.

Need help?

If you are trying to clarify whether you are at risk of a data breach, or want to discuss what your business needs in order to prevent a breach, we can help. Contact us for a no-obligation chat.

Raymond Orife Evalian 250x250

Written by Ray Orife

Ray specialises in data protection and information rights law. He is a qualified solicitor and worked in private practice and in-house in commercial law roles before focusing on data protection. Before joining Evalian™ he was in-house counsel and Data Protection Officer for a high street financial services organisation and their associated businesses. His qualifications include a First Class Honours Degree in Law, LPC (Distinction), Practitioner Certificate in Data Protection (PC.dp) and IAPP CIPP/E.