Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
pernilletranberg
Stempel
DATAETHICS – Principles and Guidelines forCompanies, Authorities & Organisations1. Edition 2018Copyright © 2018 The Authors
Authors: Pernille Tranberg, Gry Hasselbalch, BirgitteKofod Olsen & Catrine Søndergaard ByrneBook layout: Spintype.comCover design: Paws FabrikTranslated by: Focuspr.dkPrinted by: AKAPRINT A/SPublished with: Spintype.com
Isbn print: 9788771920475Isbn pdf: 9788771920482Isbn epub: 9788771920499
CONTENTS
1: INTRO 5
2: DEFINITION OF DATA ETHICS 7
3: DATA ETHICS PRINCIPLES 9
4: QUESTIONNAIRE 13
5: FAQ ON DATA ETHICS 21
CHAPTER 1
INTRO
5
The independent thinkdotank DataEthics.euhas developed a set of data ethics principles andguidelines that may help the integration of dataethics in your data processing activities. Here,we present the principles, a detailedquestionnaire and a FAQ on data ethics. Weacknowledge that nobody is perfect, that everyt-hing is in beta - also with data ethics. Theimportant thing is that we have started the pro-cess and get better at it for every step we take.
The principles and guidelines may be reprodu-ced freely as long as DataEhics.eu is clearly cre-
6
DATAETHICS
dited with a link to dataethics.eu/en/data-ethics-principles/
Find more information, tools and inspirationon www.dataethics.eu
All the very best,
Pernille TranbergGry HasselbalchBirgitte Kofod OlsenCatrine Søndergaard Byrne
September 2018
CHAPTER 2
DEFINITION OF DATA ETHICS
7
Data ethics is about responsible and sustainableuse of data. It is about doing the right thing forpeople and society. Data processes should bedesigned as sustainable solutions benefittingfirst and foremost humans.
Data ethics refer and adhere to the principlesand values on which human rights and personaldata protection laws are based. It's about honestand genuine transparency in data management.To actively develop privacy-by-design andprivacy-enhancing products and infrastructures.To treat someone else's personal information asyou wish your own, or your children's, treated.
8
DATAETHICS
Data ethics is the step further than mere compli-ance with personal data protection laws: Alldata processing therefore respects as a mini-mum the requirements set out in the EU’s Gene-ral Data Protection Regulation (GDPR), theCharter of Fundamental Rights of the EuropeanUnion and the European Convention onHuman Rights.
CHAPTER 3
DATA ETHICS PRINCIPLES
9
THE HUMAN BEING AT THE CENTRE
Human interests always prevail for institutionaland commercial interests. People are not com-puter processes or pieces of software, butunique with empathy, self- determination ,unpredictability, intuition and creativity andtherefore have a higher status than machines.The human being is at the centre and have theprimary benefit of data processing.
10
DATAETHICS
INDIVIDUAL DATA CONTROL
Humans should be in control of their data andempowered by their data. A person’s self-determination should be prioritised in all dataprocesses and the person should be activelyinvolved in regards to the data recorded aboutthem. The individual has the primary controlover the usage of their data, the context inwhich his/her data is processed and how it isactivated.
TRANSPARENCY
Data processing activities and automated deci-sions must make sense for the individual. Theymust be truly transparent and explainable. Thepurpose and interests of data processing mustbe clearly understood by the individual in termsof understanding risks, as well as social, ethicaland societal consequences.
11
DATA ETHICS PRINCIPLES
ACCOUNTABILITY
Accountability is an organisation’s reflective,reasonable and systematic use and protection ofpersonal data. Accountability is an integral partof all aspects of data processing, and efforts arebeing made to reduce the risks for the indivi-dual and to mitigate social and ethical implica-tions. Sustainable personal data processing isembedded throughout the organisation andensures ethical accountability in the short,medium and long term. An organisation’s acco-untability should also apply to subcontractor’sand partners’ processing of data.
EQUALITY
Democratic data processing is based on an awa-reness of the societal power relations that datasystems sustain, reproduce or create. When pro-cessing data, special attention should be paid to
12
DATAETHICS
vulnerable people, who are are particularly vul-nerable to profiling that may adversely affecttheir self-determination and control or exposethem to discrimination or stigmatisation, forexample due to their financial, social or healthrelated conditions. Paying attention to vulne-rable people also involves working actively toreduce bias in the development of self-learningalgorithms.
CHAPTER 4
QUESTIONNAIRE
13
These questions can be used in combinationwith the FAQ to work with data ethics dilem-mas in your organisation. You can for exampleuse your discussion of the questions as a basisfor preparing data ethics guidelines.
THE HUMAN BEING AT THE CENTRE
• Is your data processing based on the fact thatyou borrow data from the users (not owner oftheir data)?
• Do you ensure that the user's rights areprioritised, rather than commercial orinstitutional interests?
14
DATAETHICS
• Do you ensure that primarily users benefitfrom their own data – not just theorganisation?
• Do you use privacy-by-design principles, andcan you describe them clearly andtransparently?
INDIVIDUAL DATA CONTROL
On-device processing
• Do you ensure that users' data - as far aspossible - is processed directly on the users'own device(s)?
• When the processing of data is necessaryother than on the user’s own devices, such asyour server or a cloud solution, is collecteddata not related to an identifiable person?
15
QUESTIONNAIRE
Profiling
• Do you use profiling? If so, do you allow theuser to influence and determine the values,rules and input that underlie the profiling?
Predictions
• Do you use data to predict individual-levelbehaviour or only patterns?
TRANSPARENCY
Data Storage
• In which country is your data stored?• Where is the storage solutions provider
headquartered?• Does the transmission of data go through
countries outside of the EU?
16
DATAETHICS
Artificial Intelligence
• Do you use machine learning / artificialintelligence? If so, can you explain thealgorithms - the criteria and parameters?
Behavioural Design
• Do you use personal data to influence userbehaviour?
• Do you ensure that it is transparent when theuse of personal data may influence a user’sbehaviour?
• Do you ensure that the design does not createaddiction and thus influences the person's self-determination and empowerment?
Open Source
• Do you operate with open source software, soothers can use it and possibly develop itfurther ?
17
QUESTIONNAIRE
ACCOUNTABILITY
Anonymity
• When do you anonymise personal data?• Do you use end-to-end encryption of data?• Do you minimise the use of metadata and
explain how it is done?
Zero-knowledge
• Do you use zero knowledge as a designprinciple?
Sales of Data
• Do you sell data to third parties?• Do you sell data as personal identifiable data?• Do you sell data as patterns on an aggregated
level?• If you sell data, are you making sure that it
is fully anonymised information onlydescribing patterns, not individuals?
18
DATAETHICS
Data Sharing
• Do you use third-party cookies?• Does this include SoMe (social media) cookies
and SoMe logins?• Do you use Google Analytics or similar
tracking tools?• If you use third-party cookies, are your users
fully aware that your cookie use leads tosharing of data about your users with thirdparties and do they agree with it?
Data Enrichment
• Do you enrich data with external data, suchas social media data, bought data or webscraping?
• Does this enrichment occur in response to, orin cooperation with, your users?
19
QUESTIONNAIRE
Organisational Anchoring
• Do you have an individual or a departmentresponsible for the ethical managing of data?
• How is the work with data ethics embeddedin the organisation?
• How do you ensure that your data ethicsguidelines are respected?
External Control
• Can the processing of data be audited by anindependent third party?
• Do you require and and control the dataethics of your subcontractors and partners?
EQUALITY
Public Platforms
• Do you engage in dialogue with your users ona public platform?
20
DATAETHICS
• Do you have guidelines for using the platform?• Do you moderate the platform in order to
remove sensitive personal data?• If your services are offered to children, do you
ensure parental consent?
Reuse of data
• Is data used to develop or train an algorithm?• Do you ensure that the use of data does not
lead to discrimination?• Do you ensure that the use of data does not
expose the vulnerabilities of individuals?
Artificial Intelligence
• Do you ensure that the use of artificialintelligence / machine learning is to thebenefit of the individual and does not causephysical, psychological, social or financialharm to the individual?
CHAPTER 5
FAQ ON DATA ETHICS
21
Below are a number of Frequently AskedQuestions, in alphabetical order, regarding dataethics.
Active PartyWhat does it mean to be an active party?If a doctor writes something about you in apatient journal or a teacher records somethingabout your child, or something about you as aparent, and it is your belief that they have notconsidered the nuances of the matter, you cancontribute additional information that is visibleto anyone who has access to your data. Or aninsurance company gives you access to com-
22
DATAETHICS
ment on the conclusions they have reachedbased on your data.
AnonymizationWhat is ethically responsible anonymisation?Pseudonymisation means that you cannotdirectly see the individuals the information con-cerns, however, there is still an opportunity toestablish the identity of those individuals. Ano-nymisation is a step further. No one should beable to recreate the identity of a person. In pseu-donymisation as well as anonymisation of perso-nal data, it is important to document this andallow a third party to examine the internalmachinery and to verify and possibly certify thefact. There are not many external third partiesoffering this service today, but it will be animportant step forward, see "External Control”
23
FAQ ON DATA ETHICS
Artificial Intelligence (AI)What is the best way to manage artificial intelli-gence?We do so by ensuring human control. TheDepartment of Applied Mathematics and Com-puter Science at the Technical University ofDenmark, has formulated a number of fine SafeAI principles:
• Safe AI is safe: has passed tests andverification and is robust againstsystematic and expert attacks
• Safe AI is self-conscious: understands itsown role and uncertainty and can, forexample, refuse to act
• Safe AI can keep a secret: privacyprotection and privacy by design, is built-in
• Safe AI has well-defined values: iscleansed of stereotypes, bias, andunderstands emotions
24
DATAETHICS
• Safe AI has social skills: understandssocial relations and understands theuser's knowledge and skills
• Safe AI understands power: understandsthe data and related action contexts andits consequences
• Safe AI is documented: transparent andcommunicative, offering the right toexplanation
• Safe AI is open source: methods, codeand test results are available to all
Source: Professor Lars Kai Hansen, DTU Compute
Behavioural DesignWhat is behavioural design in a data ethics per-spective?Use of personal data to influence user behaviourmay be manipulative if the user's control is notat the centre, but the design primarily is devel-oped to create dependence, increase use of a ser-
25
FAQ ON DATA ETHICS
vice and user numbers or simply to effect moresales. Behavioural design should be transparentto the user, and aim not to have discriminatoryeffects or be addictive. The individual must beempowered and be able to preserve their self-determination.
BiasWhat is bias in design?Bias is built-in prejudices and negative stereoty-ping. Bias may occur in training data, the histo-rical data used to develop a self-learning algo-rithm. Bias may also occur in the design of analgorithm that can categorise and label peoplein a way that discriminates between, forexample, population groups. Bias can be redu-ced by, among others, manual sorting and clea-nup of data. It can also be diminished bymaking sure that the algorithm can be explai-ned and interpreted and is open to auditing.For example, the winners of the first beauty con-
26
DATAETHICS
test, judged by a self-learning algorithm, werevirtually all white, because the algorithm hadbeen trained mostly with images of whitepeople. Bias was here in the training data thatdid not include many images of other races.
ExplainabilityWhat is explainability?Algorithms must be explained in a way thatindividuals understand them. They should notonly provide basic information about the dataprocessing but must be documented and be ableto explain how a given algorithmic decision hasbeen taken, including the criteria and parame-ters for a decision e.g. regarding credit rating,insurance premium or allocation of social bene-fits.
Data ActivationWhat is Data Activation?The GDPR gives individuals the right to con-
27
FAQ ON DATA ETHICS
trol their own data and the right to ‘portability',that is to get data easily transferred at the users'request. However, individual data control is notenough in the long run, individuals will increa-singly also need to be empowered to activatetheir own data and utilise it for the purpose ofenriching their own finances, health and every-day lives. This will also be beneficial to the com-pany or institution providing new serviceswhere the individual can activate their owndata.
Data EnrichmentWhat is web scraping and can you be ethicallyresponsible?Is it possible to enrich data with web scrapingfrom websites, including public sections ofsocial media. However it is controversial,because even though data is publicly available,it has ethical implications. Therefore, make sure
28
DATAETHICS
that it is done at the request, and with the infor-med consent, of the users.
Data SharingWhen is it unethical to use third party cookies?If a company or organisation is dealing withchildren and others considered vulnerable, it isnot ethical to allow third party cookies on one'swebsite, for the purposes of sharing identifi-able, sensitive data with third parties. If youhave health data or data about political opini-ons or affiliation, sexual or religious orientationor other sensitive data, it is also unethical toallow third party cookies on the website. It isalso unethical for the Public Sector to sharedata about citizens' behaviour via third partycookies - including SoMe cookies. Few consu-mers and citizens understand data sharing andperceive it as covert even though they haveexplicitly agreed to it via a pop-up. It may belegal, but it is regarded as disturbing and over-
29
FAQ ON DATA ETHICS
stepping boundaries by most people and musttherefore be considered unethical.
Data StorageWhen is data storage ethically problematic?It may be lawful to store data in a country out-side the EU, however, just because it is legal,doesn’t mean it is ethical. For example, it couldbe discussed whether it is ethically justifiable tostore data with a company based in countriesthat practice and allow digital dictatorships ordata monopolies. We don’t think so. However,storing data on one’s own servers, where youalways have control over the data, or in a cloudprovider with its registered office in theEU/EEA, can be considered as data ethical.
Earning moneyCan you earn money on data processing?Yes, you can, as long as the individual's controlis at the centre. Financial interests can never
30
DATAETHICS
override human rights, such as the right to pri-vacy, self-determination and not to be discrimi-nated against or stigmatised. This can be achie-ved, for example, through Privacy-by-Design.
End-to-end encryptionWhat is encryption?One thing is to encrypt traffic, so nobody canintercept data in transit, another is end-to-endencryption, where no one other than sender andrecipient can see the content, not even the com-pany that owns the platform where the commu-nication takes place.
External ControlWhy independent auditing?It is important - at least prospectively - thatdata processing can withstand being reviewedand verified by an external independent audi-tor. As with the environment, child labour andIT security, more and more users need to know
31
FAQ ON DATA ETHICS
that what you say is what you actually do.Today, only few credible schemes exist to verifyor certify, such as ISO and EuroPriSe. Howeverin the wake of GDPR, the EU has announced adecisive European privacy certification system,as there are no doubt more certification sche-mes to come.
MetadataWhat is metadata?Metadata is data about data or a type of declara-tion for data that can provide informationabout data sets and services. For example, theremay be data about who has sent an email, towhom, and when, but this metadata shows not-hing about the content of the email. There havebeen discussions about whether metadata is per-sonal information, i.e. whether it is possible toidentify a person based on metadata. However,there is no doubt that metadata is a powerfultool for mapping behaviour, circle of interests,
32
DATAETHICS
habits, etc., as well as for profiling. The dataethical question is, whether to identify andinform users regarding the use of metadata, andwhether the user can gain insight and access tometadata.
On-Device ProcessingWhat is on-device processing?Instead of collecting and storing personal dataon your own server or cloud, you can processdata directly on users' devices. Apple does itwith Siri, as does the secure Swiss messagingapp Wire and the secure German browserCliqz. When there is a need for processing ofdata on a server, data should be collected anony-mously without being identifiable.
Open SourceWhy is open source a good thing?Open source means that the source code in yourapplications is freely available and others can
33
FAQ ON DATA ETHICS
improve, test, debug and secure the system -there is worldwide support and security vulnera-bilities are often captured quickly. It does notmean it’s free, but often cheaper and allows youto develop independent of the supplier. Thenthere’s the transparency: Your users - or thirdparties, can find out exactly what the productcontains.
Organisational AnchoringWhat is organisational anchoring of data ethics?Data ethics is not a "one-man job". It's a broadapproach covering everything from productdevelopment, innovation and marketing to stra-tegic development. The data ethics approachshould therefore be driven entirely from topmanagement and considered as a value amongemployees. It can be done in different ways, forexample, Apple’s privacy experts have beeninvolved from the beginning in all product deve-lopment teams, and French AXA (insurance)
34
DATAETHICS
has an advisory board of independent experts,that meets in Paris twice a year, to discuss dataethics dilemmas.
PredictionsCan predictions based on data be done ethically?It may be acceptable to do individual predi-ctions with, for example, personalised medicineand treatment. The data ethics question con-cerns whether the individual has insight and thepower to object, to say no, or to choose whetherto accept or not.
Privacy by DesignWhat is Privacy by Design?Privacy by Design (PbD) means that the settingof a service is private by default and that it isdesigned and developed with privacy as a star-ting point. The first PbD principles were devel-oped in the 1990s by Dr. Ann Cavoukian, for-mer Information and Privacy Commissioner in
35
FAQ ON DATA ETHICS
Canada, and have continued to evolve. You canalso choose to see PbD as a business philosophy,that is, an innovative approach to digital busi-ness development, where privacy is the startingpoint for the different innovative business pro-cesses a company starts, from design and tech-nological development to human resource devel-opment, CSR and marketing. The PbD princip-les thus become a general guide to buildingalternatives to the data-driven public-by-default enterprise.
ProfilingWhat is profiling?Profiling is the automatic processing of datathat analyses certain personal aspects regardinga person, so as to make predictions about them,for example, their work, financial situation orhealth. Profiling is a data ethics challengebecause it is the most intense form of personaldata processing, so you must first determine
36
DATAETHICS
whether there is a legal basis for profiling. Anethical data profile will always be developed forthe benefit of the individual, and the individualwill have the opportunity to influence anddetermine values, rules and input used in theprofiling.
Sales of dataCan you sell data to third parties in an ethicallyresponsible manner?It is illegal to sell data to third parties unlessyou explicitly have consent to do it. A majorityof Danes e.g. believe that organisations are sel-ling data to third parties. It may not necessarilybe so, but it is important to explain what, per-haps, you take for granted. You can sell data,with ethical responsibility, to third parties inthe case of fully anonymized information basedon patterns among a group of citizens.
37
FAQ ON DATA ETHICS
TransparencyWhat is transparency?It's not enough simply having a TransparencyReport that shares how many times, forexample, regulatory bodies asks for access to acompany's data with a court order. Transpa-rency is also about personal data processes inone's own organisation.
Transparency is a step further than basic legalrequirements for consent and the possibility ofinsight and objection. Data systems and proces-ses are designed to support the individual's trustand to give the individual real opportunity toobject to the processing of their data. Individu-als must be able to object to data processingwithout losing rights.
VulnerableWho is particularly vulnerable to data processing?More data is often collected regarding particu-
38
DATAETHICS
larly vulnerable people, such as refugees, peoplewith physical disabilities, people with mental ill-nesses, the socially disadvantaged, the unem-ployed, prisoners, etc. For example, UdbetalingDanmark, the authority responsible for the col-lection, disbursement and control of publicbenefits in Denmark, collects a lot of informa-tion about beneficiaries, their partners and hou-seholds and assumed partners.
Zero-knowledgeWhat is the zero-knowledge principle?According to GDPR, no data must be storedlonger than is necessary for the purpose. Youcan choose to go beyond the legislation anddelete data before the required date, so that youare not unnecessarily at risk by holding particu-larly sensitive data. This can be by means ofauto-deletion, but also, by never having accessto data in the first place.
Related Documents
