FEATURE 25 June 2020
Giving values a voice
Ellis Parry joined the Information Commissioner’s Office (ICO) as its first data ethics adviser at the end of 2019. Impact caught up with him to discuss how organisations can build a more ethical approach to data.
My role is to articulate the interplay between the data protection principles over which the ICO has regulatory oversight and the emerging field of data ethics, and communicate and consult on those views, raising awareness and buy-in to the mutually reinforcing nature of the concepts underpinning each discipline.
The ICO’s mission is to uphold information rights for the UK public in the digital age. The number one goal of the ICO’s Information Rights Strategic Plan is to increase the public’s trust and confidence in how personal data is used and made available, by creating a culture of transparency and accountability.
These are quite context specific. Articulating their values, the principles that enable those values, and building those into their decision-making processes can help organisations identify and deal appropriately with the ethics raised by their proposed personal-data processing.
As part of establishing and building a culture of transparency, fairness and accountability, organisations should share their values and behaviours, and make suitably senior people responsible for ensuring they are considered and subject to continuing review at the appropriate stages of their process-based governance frameworks.
Much has been said on the limitations of consent as a lawful processing ground, given the novel possibilities for processing personal data that technology is now making possible. I view robust, structured and recorded deliberations on the ethics of any given proposed processing as a tangible step towards organisations showing a culture of accountability. For public authorities, those deliberations could be made public – private organisations should consider whether that level of transparency would be appropriate, too.
Many of the publicly available data ethics frameworks have a human-centric approach as their foundation. So we will be talking to stakeholders about what, in their view, is the intersection between the data protection principles and data ethics, and how a conversation based on society’s collective morality can promote adherence to the GDPR’s inherently ethical principles.
The question encapsulates the answer! The challenge is striking the right balance between those two potentially competing and yet allied interests.
Framing the debate in ethics can help organisations apply the GDPR’s principles appropriately, in particular, as part of any legitimate-interest impact assessment.
In relation to facial-recognition technology, the ICO is considering how the private sector uses this technology for locating and identifying people, including when it’s used with law enforcement.
The law is different for the police, and the ICO has already published a Commissioner’s Opinion, which gives clear instructions on how police forces should be using live facial-recognition technology.
Each scenario will be quite context specific, but this illustrates one of the benefits of organisations stating their values and principles.
Ethical considerations ‘move with the times’ as society’s prevailing attitudes change. Adhering to a code of conduct or being a member of a certification scheme can help organisations prove they are accountable for how they are processing personal data within agreed boundaries.
The ICO has recently published guidance for organisations wanting to develop GDPR codes of conduct or certification schemes. Organisations can submit their proposals for these to the ICO for approval, which will be an asset to businesses, helping data controllers and processors demonstrate compliance with the GDPR.
The ICO does not regulate purely ethical considerations, but given the inherently ethical nature and language of the GDPR – in particular, I’m thinking about fairness, transparency and accountability here – the supervisory authorities can take steps when they see breaches of the law.
That they may, by design or inadvertently, entrench discrimination against sections of society, having a negative impact on mankind’s freedom to grow in a diverse and pluralistic environment.
It may be that the black-and-white letter of the law could be perceived as not moving quickly enough to regulate, with surety, rapidly evolving technology. By and large, organisations want to do ‘the right thing’, but may not have a clear view of how to successfully apply the GDPR’s principles in novel situations where there is no precedent.
This is exactly where I think viewing a proposal through an ethical lens can help illustrate the legal issues more clearly, as social mores are more agile than black-and-white letter law and, therefore, more adept at keeping up with the rate of technological innovation, and signposting how it should be governed for the benefit of the whole of society.
This article was originally published in the April 2020 issue of Impact.