Why do we need data ethics?

Print

To continue our series of posts focused on data ethics, our commissioner Emma Martins, explains why data ethics is essential if we are to avoid a ‘race to the bottom’ by focusing solely on what is legal, not what is right.    


 

In the first of our articles on data ethics, we talked about why it is that the question of ethics now has a much higher profile in conversations around data protection.

Why is it even necessary to have to think beyond what the data protection law says? It is, after all, a very comprehensive piece of legislation that covers the processing of personal data in nearly all its forms.

I think that at least some of the answer lies in the nature of data in this modern era.

Put simply, we are immersed in it. Technology has become embedded into our everyday lives, shaping us and our society. Even our bodies are becoming increasingly connected so technology is no longer something apart from us, it is a part of us.

We produce and consume data as part of huge data ecosystems that span almost every aspect of our work and home lives. Whether we are aware of it or not, our lives are influenced by the processing that goes on, mostly behind the scenes.

And it is the fact that data is now integral to our lives and interwoven into them that the question of regulation rears its head. Few disagree that regulation providing protections and remedies is important when data harms are so real. But if we think of law as being the only arbiter, we essentially consider all conduct except the illegal to be allowed. Doing ethics means that we seek to live our best lives, not see how low we can sink, because If we look only to law, we risk a race to the bottom. We need to aspire to be better than that. How we treat each other and would wish others to treat us is more than law. And much of culture – our attitudes, values, aspirations, starts from a question of ethics. What sort of place do we want to live in and what do we want our lives and the lives of others to be like?

In the lead up to GDPR there is an argument that in the rush to the 25 May 2018 deadline, compliance became about checklists and tick boxes. Checklists have value but can be counterproductive if we do not engage with the underlying spirit.

Real respect for data rights can only be delivered in part by law. Regulators and legislation cannot on their own deliver outcomes that truly protect individuals and allow businesses to flourish by ensuring their most important asset – data – is properly looked after. Where you have a culture that understands, engages and respects data protection, organisations will operate that way because there is a cultural and social as well as legal pressure for them to do so.

Just recently on the radio I heard an item which highlighted how a UK company had hidden a tick box away during an online application process. Affected individuals were shocked and angry at the subsequent way in which their data was used. It was clear that the company concerned had done everything it could to obfuscate the message, trying to get consent from individuals without them even being aware of having given it. This is no accident. Every organisation will make decisions about the layout and wording of webpages and forms. Whilst the law may take a dim view of this sort of deceptive practice, perhaps as important is the fact that it became a news story. This serves to shine a light on organisations that do not engage with their responsibilities legally or ethically which in turn can be very effective in prompting positive change.

Ethics is not something that stops at the front door of your office. Organisations are made up of people – of us. How we approach all aspects of our lives has the potential to underpin a common foundation for our jurisdiction that we can all benefit from.

So, to be interested in ethics is to be interested in life. With our lives so completely wrapped up in the data choices we and others make, to be interested in life is also to be interested in data protection.

More than ever before, data protection requires personal engagement, not just a run through of a check list. In requiring personal engagement it necessarily means that you will bring your personal values to that engagement. Ethics must become a custom, a way of thinking, a set of values held by us all. It is the conversations and the outcomes that matter and we want to play our part in making sure conversations continue and outcomes improve.